Difference between revisions of "Linden Lab Official:Email Scam (Phishing) FAQ"

From Second Life Wiki
Jump to navigation Jump to search
(Initial Parature import)
 
 
(23 intermediate revisions by 8 users not shown)
Line 1: Line 1:
{{Seal}}
{{KBmaster}}
 
{{Online Safety Guidelines}}
 
__TOC__
 
<br clear=all/>
==What is "phishing"?==
==What is "phishing"?==


Many Internet fraudsters have adopted the practice of "phishing": Farming the internet for unsuspecting people who can be tricked into giving away personal information, such as passwords, credit card information, etc. The most popular methods involve creating fake emails and Web sites that resemble those of a legitimate company (such as Linden Lab). People who enter information into these fake forms and sites can quickly become victims of identity theft. With a few simple precautions, however, you can protect yourself from being vulnerable to "phishing".
Many Internet fraudsters have adopted the practice of "phishing": Farming the internet for unsuspecting people who can be tricked into giving away personal information, such as passwords, credit card information, etc. The most popular methods involve creating fake emails and Web sites that resemble those of a legitimate company (such as Linden Lab). People who enter information into these fake forms and sites can quickly become victims of identity theft. With a few simple precautions, however, you can protect yourself from being vulnerable to "phishing".


==How do "phishing" emails work?==
==How do "phishing" emails work?==


Most of these fake emails have several traits in common:
Most of these fake emails have several traits in common:


* '''Fake email address''': Many fake emails include a forged '''From:''' header that may be a real email address. For example: From: support@secondlife.com From: billing@secondlife.com From: abuse@secondlife.com The '''From:''' address can be forged. Never trust an email just because it says it's from secondlife.com or lindenlab.com.
* '''Fake email address''': Many fake emails include a forged '''From:''' header that may be a real email address. For example: From: support@secondlife.com From: billing@secondlife.com From: abuse@secondlife.com The '''From:''' address can be forged. Never trust an email just because it says it's from secondlife.com or lindenlab.com.
*
* '''Your account is in danger''': Many fake emails will try to trick you into thinking your account is on administrative review, or otherwise in danger, and that you will lose the ability to use Second Life. You can always view your account status under '''My Account''' on the Second Life website.
* '''Your account is in danger''': Many fake emails will try to trick you into thinking your account is on administrative review, or otherwise in danger, and that you will lose the ability to use Second Life. You can always view your account status under '''My Account''' on the Second Life website.
*
* '''Urgency''': Fake emails often claim that they require immediate action, or else your account may be terminated, your inworld information may be deleted, or you may face charges.
* '''Urgency''': Fake emails often claim that they require immediate action, or else your account may be terminated, your inworld information may be deleted, or you may face charges.
*
* '''Attachments''': Emails from Linden Lab never include attachments. Do not open attachments in a suspicious email, even if they appear to be innocent (like a .txt file). Scam artists can use several tricks to try to hide the filename of a more dangerous file (like an executable or .SCR file). Attachments may be malicious files that may not be picked up by virus detection programs.
* '''Attachments''': Emails from Linden Lab never include attachments. Do not open attachments in a suspicious email, even if they appear to be innocent (like a .txt file). Scam artists can use several tricks to try to hide the filename of a more dangerous file (like an executable or .SCR file). Attachments may be malicious files that may not be picked up by virus detection programs.
*
* '''Links in the message''': Of course, many legitimate Second Life messages include links. With a fake email, these links can be forged, just like a '''From:''' address, leading you to a different website (created by someone other than Linden Lab) that may look like the Second Life website.
* '''Links in the message''': Of course, many legitimate Second Life messages include links. With a fake email, these links can be forged, just like a '''From:''' address, leading you to a different website (created by someone other than Linden Lab) that may look like the Second Life website.
*
* '''Asks for personal information''': Most of all, fake emails will ask for your login name, password, real name, or other identifying personal information. Any email that asks for personal information, or includes a form to fill out within the email, is very likely a fake email.
* '''Asks for personal information''': Most of all, fake emails will ask for your login name, password, real name, or other identifying personal information. Any email that asks for personal information, or includes a form to fill out within the email, is very likely a fake email.
*
{{KBnote| Linden Lab NEVER asks for your Second Life password, your credit card details, or other personal information via email!}}
 
 
{{KBnote| '''Note:''' Linden Lab NEVER asks for your Second Life password, your credit card details, or other personal information via email!
}}
 
 
If you have any doubt as to whether an email is real, close all your web browser windows, open a fresh new web browser window, visit http://secondlife.com, and perform the action that was requested. '''Never click on a link in an email you're unsure about''', especially if it's asking for personal or account information.


If you have any doubt as to whether an email is real, close all your web browser windows, open a fresh new web browser window, visit [http://secondlife.com/ http://secondlife.com], and perform the action that was requested. '''Never click on a link in an email you're unsure about''', especially if it's asking for personal or account information.


==How do I report a fake email?==
==How do I report a fake email?==


 
Forward it to [mailto:phishing@secondlife.com phishing@secondlife.com].
Forward it to security@secondlife.com.
 


==What precautions can I take to prevent phishing?==
==What precautions can I take to prevent phishing?==


 
* If you receive a suspicious email, forward it to [mailto:phishing@secondlife.com phishing@secondlife.com] and delete it.
* If you receive a suspicious email, forward it to security@secondlife.com and delete it.
* If you receive a suspicious IM, file an abuse report against the sender even if the sender looks like your friend. After stealing an account, a fraudster often tries to trick the victim's friends.
*  
* If you feel your account has been compromised, contact Second Life Billing through the [http://secondlife.com/support Support Portal] right away. (Better yet, call us at the number provided on the [http://secondlife.com/support Support Portal])
* If you feel your account has been compromised, contact Second Life Billing through the Support Portal right away. (Better yet, call us at the number provided on the Support Portal)
*
* Check your account status regularly by visiting secondlife.com.
*
* Keep your antivirus software up-to-date and scan for viruses regularly.
* Keep your antivirus software up-to-date and scan for viruses regularly.
*
* You can [https://community.secondlife.com/t5/English-Knowledge-Base/Password-and-account-information/ta-p/700017#Section_.3 change your account password]; do so frequently to keep your account secure. If you suspect you've already clicked a phishing link, change your password immediately.
* You can change your account password; do so frequently to keep your account secure.
* If you have multiple accounts, use a different password for each account.  
*
* Never reuse your Second Life password for your email account or any other website.
* If you have multiple accounts, use a different password for each account.
* Your password should be easy for you to remember, but hard for others to guess.
*  
* It's good to use both letters and numbers in your password. Your password should be easy for you to remember, but hard for others to guess.
*
* If you think you entered your credit card information into a fake email or website, contact your bank immediately!
* If you think you entered your credit card information into a fake email or website, contact your bank immediately!
*




Remember, if you have any questions as to whether an email is from Linden Lab, just call us!
[[Category:Problems or Questions Outside Second Life]]
[[Category:Legal Questions]]
[[Category:General Abuse and Griefing Information]]
[[Category:Policies]]
[[Category:Policies]]
[[Category:FAQs]]
[[Category:Security Alerts]]
[[Category:I&#39;m having account problems]]
[[Category:Knowledge Base]]

Latest revision as of 11:35, 11 March 2016


What is "phishing"?

Many Internet fraudsters have adopted the practice of "phishing": Farming the internet for unsuspecting people who can be tricked into giving away personal information, such as passwords, credit card information, etc. The most popular methods involve creating fake emails and Web sites that resemble those of a legitimate company (such as Linden Lab). People who enter information into these fake forms and sites can quickly become victims of identity theft. With a few simple precautions, however, you can protect yourself from being vulnerable to "phishing".

How do "phishing" emails work?

Most of these fake emails have several traits in common:

  • Fake email address: Many fake emails include a forged From: header that may be a real email address. For example: From: support@secondlife.com From: billing@secondlife.com From: abuse@secondlife.com The From: address can be forged. Never trust an email just because it says it's from secondlife.com or lindenlab.com.
  • Your account is in danger: Many fake emails will try to trick you into thinking your account is on administrative review, or otherwise in danger, and that you will lose the ability to use Second Life. You can always view your account status under My Account on the Second Life website.
  • Urgency: Fake emails often claim that they require immediate action, or else your account may be terminated, your inworld information may be deleted, or you may face charges.
  • Attachments: Emails from Linden Lab never include attachments. Do not open attachments in a suspicious email, even if they appear to be innocent (like a .txt file). Scam artists can use several tricks to try to hide the filename of a more dangerous file (like an executable or .SCR file). Attachments may be malicious files that may not be picked up by virus detection programs.
  • Links in the message: Of course, many legitimate Second Life messages include links. With a fake email, these links can be forged, just like a From: address, leading you to a different website (created by someone other than Linden Lab) that may look like the Second Life website.
  • Asks for personal information: Most of all, fake emails will ask for your login name, password, real name, or other identifying personal information. Any email that asks for personal information, or includes a form to fill out within the email, is very likely a fake email.
KBnote.png Note: Linden Lab NEVER asks for your Second Life password, your credit card details, or other personal information via email!

If you have any doubt as to whether an email is real, close all your web browser windows, open a fresh new web browser window, visit http://secondlife.com, and perform the action that was requested. Never click on a link in an email you're unsure about, especially if it's asking for personal or account information.

How do I report a fake email?

Forward it to phishing@secondlife.com.

What precautions can I take to prevent phishing?

  • If you receive a suspicious email, forward it to phishing@secondlife.com and delete it.
  • If you receive a suspicious IM, file an abuse report against the sender even if the sender looks like your friend. After stealing an account, a fraudster often tries to trick the victim's friends.
  • If you feel your account has been compromised, contact Second Life Billing through the Support Portal right away. (Better yet, call us at the number provided on the Support Portal)
  • Keep your antivirus software up-to-date and scan for viruses regularly.
  • You can change your account password; do so frequently to keep your account secure. If you suspect you've already clicked a phishing link, change your password immediately.
  • If you have multiple accounts, use a different password for each account.
  • Never reuse your Second Life password for your email account or any other website.
  • Your password should be easy for you to remember, but hard for others to guess.
  • If you think you entered your credit card information into a fake email or website, contact your bank immediately!