Scanning for the SL scammers

SL has tended to have its share of scams over the years, running from the misuse of Account Debiting scripts (wherein an unknown object sends you a request asking to be allowed to take money from your account), through to quite involved and complicated data-scraping efforts as most clearly exemplified by the infamous RedZone affair of 2010/2011.

Recently, we’ve had two attempts at what amounts to phishing for SL user’s log-in credentials (and possibly other information). These attempts are focused on trying to take advantage of the Second Life name and the widespread popularity of the Phoenix and Firestorm TPVs.

SL Log-in Scam

This problem first appeared in March which people began receiving seemingly genuine information directing them to what appears to be the SL web log-in page, with a request to log-in to SL The site was actually a false page, geared solely towards gain people’s user name and password.

Lindal Kidd was one of the first to report this issue, alongside of covering the Account Debiting scam. Shopping Cart Disco also covered the issue, with an excellent piece on what to look for, complete with screen shots. More recently, the Phoenix / Firestorm team themselves blogged about the problem.

Phoenix / Firestorm Survey Scam

Over the Easter weekend, a new scam appeared using the lure of a L$ reward to tempt people. It comprises a message the can be received either in-world or relayed to e-mail (if you are offline), encouraging you to visit a website and “confirm your details” in return for a L$1000 reward. The following is a typical example of such a message (as I received today, relayed via e-mail):

The object ‘Second Life’ has sent you a message from Second Life: Happy Holidays Everyone! Get 1000L just for signing up here and confirming your email –

Second Life is owned by FirestormRelease Resident

(Note that I have redacted a part of the URL short link to avoid any accidents with people copy/pasting it out of curiosity.)

This is a particularly insidious scam because it is using the names of SL’s two most widely used TPVs in order to gain a veneer of authenticity – notice the name of the avatar responsible for sending the message. This has prompted the Phoenix / Firestorm team to issue a cautionary Message of the Day warning, seen when logging in to either of their Viewers:

Multiple accounts are being used to circulate such messages – “FirestormRelease Resident”, the attribution for the message I received being just one. Indeed, when I contacted Jessica Lyon about this account name and location she replied, “I just got a bunch of those accounts shut down, however, if more show up please send me the SLurls to the objects and account names.”

How to Deal with a Scam Message

The important thing here is that if you are in receipt of such a message / e-mail either asking you to log-in to the SL website or which gives the impression it is associated with a valid group or organisation within SL (such as the Phoenix / Firestorm team as seen here), do not click on any link it contains or provide any information to the website you’re taken to if you do.

In respect of the SL log-in page, you can always test the validity of the page you are displaying prior to logging-in simply by looking at the URL. The genuine SL website log-in page will always commence with:, regardless of whether you are trying to log into your Dashboard or the Marketplace or your web Profile.

SL log-in page: the real McCoy (click to enlarge)

If the URL for the page contains any other information than this, regardless of how “real” the rest of the page may look, then the URL is bogus; do not follow it. An example of such a bogus URL which was circulated last month commenced: “http://marketplacesi.altavista…..”.

False prophet – note the (made up) URL (click to enlarge)

Where messages appearing to come from established in-world groups or organisations are concerned, check the message carefully and if you have any doubts at all, contact a representative of the group / organisation to verify whether the message is genuine or not.

If you have followed any such link and supplied information to a website / possibly had something download from the website, then you should:

  • At the very least, change your account password immediately
  • If you believe the account has already been tampered with, contact Linden Lab and inform them of the situation. They may lock the account while they investigate. Note that you’ll have to supply RL information in order for them to release it back to you
  • Raise an Abuse Report if you have sufficient information on the perpetrator. Contrary to popular myth, LL do take Abuse Reports seriously and will investigate
  • Run an anti-virus / malware sweep of your computer.

In the case of scam messages relating to Phoenix / Firestorm, you may wish to inform Jessica or a member of the team, so they can continue to work with LL to get bogus accounts shut down en masse.

Linden Lab are working pro-actively on matters as well – not long after I’d informed Jessica about “FirestormRelease Resident”, a representative from the Lab was on-hand investigating the location being used.

Related Links