Phishing: Lab issues reminder on account security

There has recently been another round of phishing attempts to get second Life Users to try to provide their account credentials.

As a result of these attempts, on Friday March 11th 2016, Linden lab issued a reminder to users on the subject of account security in the form of a blog post.

In keeping with the request from the Lab to share the information,  I’m reproducing the blog post in full below:

As with any online service, Second Life Residents may from time to time be targeted with phishing attempts, which try to trick users into providing personal information and account credentials.

These attempts may include messages – including in-world IMs and emails trying to appear as if they were sent from Linden Lab – that prompt you to click on a link and/or provide personal information.

To help keep yourself safe from these tricks, remember: 

  • If you receive a suspicious email, forward it to and delete it.
  • If you receive a suspicious IM, file an abuse report against the sender even if the sender looks like your friend. After stealing an account, a fraudster often tries to trick the victim’s friends.
  • If you feel your account has been compromised, contact Second Life Billing through the Support Portal right away. (Better yet, call us at the number provided on the Support Portal)
  • Keep your anti virus software up-to-date and scan for viruses regularly.
  • You can change your account password; do so frequently to keep your account secure. If you suspect you’ve already clicked a phishing link, change your password immediately.
  • If you have multiple accounts, use a different password for each account.
  • Never reuse your Second Life password for your email account or any other website.
  • Your password should be easy for you to remember, but hard for others to guess.
  • If you think you entered your credit card information into a fake email or website, contact your bank immediately!

For more info, check out this page on the wiki.

Help your fellow Second Life Residents keep their accounts secure by sharing this post with them. Bookmark it, and the next time you see phishing attempts in group chat, share this post to help educate others. You can help put phishers out of business.



8 thoughts on “Phishing: Lab issues reminder on account security

  1. Reblogged this on Magick Thoughts of Second Life and commented:
    Keep your account safe! Be wise and DO NOT share any account details with anyone, not even if you know them. Scammers will try anything. I am Reblogging this because I care about all of my readers and friends. As Always please stay tuned for my next blog post, you will not be disappointed!
    Much Love~AmandaMagick~


  2. In my opinion, the lab needs to move immediately to require 2 factor authentication on all account logins.the amount of potential for theft and the amount of money in SL is just too high. Accounts that cannot login with 2 factor should have all L$ transactions suspended for that session. Security requires work and some sacrifice on behalf of those wanting to be secire, SL needs 2 factor authentication.


  3. Given how much money people invest to their SL accounts, I’m kinda surprised there are no plans to strengthen the login process – for example, with an “authenticator” app like many online games do, or even with the U2F key like used by Google or Dropbox. (Those keys start at $7, and many SL accounts are worth way more than that…)


  4. Thankfully, my internet security picks it up and blocks it every time I log in. As Rasa said, it’s surprising LL don’t offer an authenticator. I know SL isn’t really an MMORPG, but even Blizzard Entertainment offers authenticators.


  5. My SL account was accessed while I was logged in two days ago, and thousands of L$ came pouring into it – with a few withdrawals thrown into the mix.

    I do have excellent security on my pc (no freebies, either) and every time I’m in the process of being logged in – since the day I joined – it gives me a message that it’s blocking phishing attempts – while ‘attempt 2’ at logging in during the login process also flashes across the screen. So that phishing attempt appears to be coming directly from SL’s end, no one else’s.

    Would it be a surprise to discover an LL employee/associate was responsible for it? Not really, no. Wherever you find code monkeys, there’s always going to be the potential for greed and mischief.

    In any event, all of this occurred within the space of just a few minutes and began with a L$2499 withdrawal from my SL account with a notification telling me that I’d just purchased something from ‘The Shops Region’ (does any such region exist?) – which I hadn’t.

    The moment I realized my account was compromised, I changed all passwords to absolutely everything in my life and contacted both my bank and PayPal.

    They’re not terribly bright criminals, because despite their every attempt after that being declined/denied, they kept trying for a while longer.

    For the record, no one has access to my computer (nor passwords or accounts to anything – and I don’t use ‘password managers’ because I think they’re just trouble waiting to happen) – and even if they could sit down in front of it and touch it, they’d have a world of headaches trying to work their way through a maze of security just to use the thing.

    The upshot is that the criminal/s managed, in just those few short minutes, to take roughly $360.00 USD from my bank account via PayPal, which was linked to my SL account.

    Meanwhile, PayPal were utterly useless and dismissively claimed it had nothing to do with them. So much for PayPal’s Duty of Care to customers (required by law in Australia, at least).

    I haven’t bothered reporting to LL yet because, from all I’ve been able to gather, they’re about as helpful as a wet paper bag in a hail storm – all they’ll do is close or freeze my account while pretending to investigate and they won’t actually achieve anything.

    I don’t need more headaches and wasted time.

    The most helpful and action-oriented of the lot has been my bank (never thought I’d hear myself say this, but I love Westpac!), who had the intelligence to recognize suspicious activity, immediately cancelled my card, and re-issued a new one.

    While I don’t care so much about the money I’ve lost, I DO care that Linden Research Inc should get their act together on security issues, stop phiffing and phaffing about, and start providing REAL security for residents.

    I’d suggest they do what Blizzard Entertainment does and offer every customer/resident the option to buy an Authenticator – a small thing you can attach to your key ring that provides you with a different security code every time you log into your SL account (or in Blizzard’s instance, World of Warcraft account).

    Blizzard Entertainment only charge $5.00 USD for authenticators – it’s not an expensive thing to do and they last for years – so unless LL are just being anal about not wanting to spend money on anything that’s not Sansar related, then there’s absolutely no reason and no excuse why they haven’t done so a long time ago.


Comments are closed.