Kit: Phishing scams. They are on the web
-- including virtual worlds.
-
by Orange Planer
For the White Tiger Mentors
-
Mostly we are safe in Second Life but there are times we need to take some responsibility ourselves for our own safety too.
-
This article is about Phishing. The White Tiger Mentors think that its important that you know about it and understand it.
-
Phishing is a euphemism for cybercriminals fishing into your online pocket to steal your money.
-
This can happen all over the world wide web, via our cell phones, PCs, iPads or anything else we use to get online.
-
How do they do it? By convincing you to do something that gives them your information. What information do they want? Your real life name, usernames and passwords, websites you might use, your contacts list, credit card numbers, bank account numbers and others.
-
What methods do they use?
-
Any way they can get a message to you.
-
In Second Life this can happen too. Unfortunately from time to time people do encounter cybercriminals here.
-
In Second Life it can take a variety of forms, and can be dealt with by just stopping and thinking and looking for a few moments before you make the decision to give away those vital details.
-
In general phishing can be done via:
-
• IM
• Group chat
• Public chat
• Pop-ups from objects you rez
• Group notifications
• Unscrupulous people who have message vendors that IM people via a list
-
There are possibly other methods as well.
-
A common Phishing attempt will be to offer you something from the MarketPlace and give you the link to see it.
-
So, when we shop on the MarketPlace what is the first thing we need to do? YES! Log in with our Username and Password.
-
That is where we S T O P and T H I N K.
-
Of course the vast majority of the time your friends and groups will be giving you information that is absolutely fine - BUT - maybe they themselves are not aware of Phishing and didn't make that ALL IMPORTANT check. So, its down to YOU to do so!
-
The message or link does not need to be related to money or buying things but it will look attractive in some way. Sex, free things, free downloads that you 'need,' something that looks funny or interesting to access... a deal that is maybe too good to be true even.
-
So you have anitvirus installed you are thinking? Excellent! But that is not going to stop a Phishing attempt against you being successful - there is only one thing that will always make a genuine Phishing attempt fail, and that is YOUR diligence.
-
So - what are we looking for and how do we know what is genuine and what is not?
-
Lets take a look at a fake example of a web link -
http://marcketplacessecondllfe.altervista.org/p/7-Velis-Dance-pillow-with-menu-Belly-dances-sexy-dance-arabian/1258215/login.bad
-
(The link has been changed to prevent anybody from going to a fake website.)
-
Initially it looks pretty good: Dance, pillow, belly, sexy! They are Phishing with a hook and the hook in this case is sex.
-
But let’s take a closer look at it.
-
First, what’s the domain name? Anything from Linden Lab (ne Linden Research) has one of the following domains:
• Lindenlab.com
• Secondlife.com
• Buildpatterns.com
• Creatoverse.com
-
- most commonly -
-
• Lindenlab.com
• Secondlife.com
-
But what’s the domain name in the FAKE link?
-
1. Start from the left and skip the "http://". Search for the first “/” starting from the left.
-
2. You put the domain name together: starting from the “/,” look left and find the first ".".
-
3. The first group of characters before the “.” and the first group of characters AFTER the “.” form the domain name. What is it in this case?
-
altervista.org
-
That does not sound like any of the Linden Lab domains, does it? And no, Linden Lab doesn’t reserve domain names on altervista.org.
-
What’s another way? Phone calls. You think they are not related to Second Life? Ever had a billing problem? You might need to contact Linden Lab. What if I told you to call 800-837-4804 if you had billing problems with Linden Lab? Would you call it?
- Why is a phone call dangerous? Once someone has your phone number they may be able to charge services against it. Cybercriminals don’t want to waste time, so they’ll use only phone numbers that are known to be real. If they can get your number, you can bet they’re going to use it and sell it.
-
I’ve had friends tell me absolutely they would call a number I said they should call, or go to a website. But what if MY account had been hacked, they would not know it would they? Orange could in an extreme case be someone else - not the real me!
-
If someone could break my password, log on as me, they could send everybody in my friends list a Phishing message. There are 600+ people on my friends list. That’s a lot of Phishing and you know they’re going to catch a few.
-
If someone gives you a phone number to call for some reason, make sure they tell you the website where they got the phone number.
-
If you need to contact Linden Lab by phone you can look up their phone numbers on the SL Knowlege Base.
-
In fact you can find answers to many questions on The Knowledge Base.
http://community.secondlife.com/t5/tkb/v1/page/blog-id/English_KB@tkb
-
If someone sends you a link you are unsure of (remember always do that quick check no matter who sends it to you) let one of our mentors know and they will either look at it themselves or get someone to check it out for you.
-
DON'T let your learning today worry you in Second Life. But also DON'T ignore it.
-
There is a middle ground - STOP and THINK.
-
Any questions, send me an IM.
Orange Planer
-
White Tiger Help & Learning Island. New Resident Services
*****
-- including virtual worlds.
-
by Orange Planer
For the White Tiger Mentors
-
Mostly we are safe in Second Life but there are times we need to take some responsibility ourselves for our own safety too.
-
This article is about Phishing. The White Tiger Mentors think that its important that you know about it and understand it.
-
Phishing is a euphemism for cybercriminals fishing into your online pocket to steal your money.
-
This can happen all over the world wide web, via our cell phones, PCs, iPads or anything else we use to get online.
-
How do they do it? By convincing you to do something that gives them your information. What information do they want? Your real life name, usernames and passwords, websites you might use, your contacts list, credit card numbers, bank account numbers and others.
-
What methods do they use?
-
Any way they can get a message to you.
-
In Second Life this can happen too. Unfortunately from time to time people do encounter cybercriminals here.
-
In Second Life it can take a variety of forms, and can be dealt with by just stopping and thinking and looking for a few moments before you make the decision to give away those vital details.
-
In general phishing can be done via:
-
• IM
• Group chat
• Public chat
• Pop-ups from objects you rez
• Group notifications
• Unscrupulous people who have message vendors that IM people via a list
-
There are possibly other methods as well.
-
A common Phishing attempt will be to offer you something from the MarketPlace and give you the link to see it.
-
So, when we shop on the MarketPlace what is the first thing we need to do? YES! Log in with our Username and Password.
-
That is where we S T O P and T H I N K.
-
Of course the vast majority of the time your friends and groups will be giving you information that is absolutely fine - BUT - maybe they themselves are not aware of Phishing and didn't make that ALL IMPORTANT check. So, its down to YOU to do so!
-
The message or link does not need to be related to money or buying things but it will look attractive in some way. Sex, free things, free downloads that you 'need,' something that looks funny or interesting to access... a deal that is maybe too good to be true even.
-
So you have anitvirus installed you are thinking? Excellent! But that is not going to stop a Phishing attempt against you being successful - there is only one thing that will always make a genuine Phishing attempt fail, and that is YOUR diligence.
-
So - what are we looking for and how do we know what is genuine and what is not?
-
Lets take a look at a fake example of a web link -
http://marcketplacessecondllfe.altervista.org/p/7-Velis-Dance-pillow-with-menu-Belly-dances-sexy-dance-arabian/1258215/login.bad
-
(The link has been changed to prevent anybody from going to a fake website.)
-
Initially it looks pretty good: Dance, pillow, belly, sexy! They are Phishing with a hook and the hook in this case is sex.
-
But let’s take a closer look at it.
-
First, what’s the domain name? Anything from Linden Lab (ne Linden Research) has one of the following domains:
• Lindenlab.com
• Secondlife.com
• Buildpatterns.com
• Creatoverse.com
-
- most commonly -
-
• Lindenlab.com
• Secondlife.com
-
But what’s the domain name in the FAKE link?
-
1. Start from the left and skip the "http://". Search for the first “/” starting from the left.
-
2. You put the domain name together: starting from the “/,” look left and find the first ".".
-
3. The first group of characters before the “.” and the first group of characters AFTER the “.” form the domain name. What is it in this case?
-
altervista.org
-
That does not sound like any of the Linden Lab domains, does it? And no, Linden Lab doesn’t reserve domain names on altervista.org.
-
What’s another way? Phone calls. You think they are not related to Second Life? Ever had a billing problem? You might need to contact Linden Lab. What if I told you to call 800-837-4804 if you had billing problems with Linden Lab? Would you call it?
- Why is a phone call dangerous? Once someone has your phone number they may be able to charge services against it. Cybercriminals don’t want to waste time, so they’ll use only phone numbers that are known to be real. If they can get your number, you can bet they’re going to use it and sell it.
-
I’ve had friends tell me absolutely they would call a number I said they should call, or go to a website. But what if MY account had been hacked, they would not know it would they? Orange could in an extreme case be someone else - not the real me!
-
If someone could break my password, log on as me, they could send everybody in my friends list a Phishing message. There are 600+ people on my friends list. That’s a lot of Phishing and you know they’re going to catch a few.
-
If someone gives you a phone number to call for some reason, make sure they tell you the website where they got the phone number.
-
If you need to contact Linden Lab by phone you can look up their phone numbers on the SL Knowlege Base.
-
In fact you can find answers to many questions on The Knowledge Base.
http://community.secondlife.com/t5/tkb/v1/page/blog-id/English_KB@tkb
-
If someone sends you a link you are unsure of (remember always do that quick check no matter who sends it to you) let one of our mentors know and they will either look at it themselves or get someone to check it out for you.
-
DON'T let your learning today worry you in Second Life. But also DON'T ignore it.
-
There is a middle ground - STOP and THINK.
-
Any questions, send me an IM.
Orange Planer
-
White Tiger Help & Learning Island. New Resident Services
*****
- What do we do in Virtual Worlds?
- Search on page with Google Chrome: Ctrl+f, search bar upper right
- Google search this blog, column on right
- or put site:virtualoutworlding.blogspot.com at the end of the search terms
- Annotated screen shots made with Jing
- Creative Commons License, attribution only.
- Second Life, Linden, SLurl, and SL are trademarks of Linden Research Inc.
- This blog is not affiliated with Second Life or anything else.
- Ads are from Google
-
- Drop by my place in Second life
- Location Link. Click to go or drag to the viewer screen:
- http://maps.secondlife.com/secondlife/Cookie/136/100/22
- Feel free to send me an IM, notecard, or friend request.
- Thinkerer Melville/Selby Evans
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.