Linden Lab Official:Email Scam (Phishing) FAQ

From Second Life Wiki
Jump to: navigation, search
Ll color vert 100.gif
Official Linden Lab® Information: You may access and link to this page, but you may not copy, distribute, modify, adapt, or translate any content on this page. This content is subject to the Terms of Service and is not available under the Creative Commons or any other license.

Have a suggestion to improve this page? Contact us.


What is "phishing"?

Many Internet fraudsters have adopted the practice of "phishing": Farming the internet for unsuspecting people who can be tricked into giving away personal information, such as passwords, credit card information, etc. The most popular methods involve creating fake emails and Web sites that resemble those of a legitimate company (such as Linden Lab). People who enter information into these fake forms and sites can quickly become victims of identity theft. With a few simple precautions, however, you can protect yourself from being vulnerable to "phishing".

How do "phishing" emails work?

Most of these fake emails have several traits in common:

  • Fake email address: Many fake emails include a forged From: header that may be a real email address. For example: From: support@secondlife.com From: billing@secondlife.com From: abuse@secondlife.com The From: address can be forged. Never trust an email just because it says it's from secondlife.com or lindenlab.com.
  • Your account is in danger: Many fake emails will try to trick you into thinking your account is on administrative review, or otherwise in danger, and that you will lose the ability to use Second Life. You can always view your account status under My Account on the Second Life website.
  • Urgency: Fake emails often claim that they require immediate action, or else your account may be terminated, your inworld information may be deleted, or you may face charges.
  • Attachments: Emails from Linden Lab never include attachments. Do not open attachments in a suspicious email, even if they appear to be innocent (like a .txt file). Scam artists can use several tricks to try to hide the filename of a more dangerous file (like an executable or .SCR file). Attachments may be malicious files that may not be picked up by virus detection programs.
  • Links in the message: Of course, many legitimate Second Life messages include links. With a fake email, these links can be forged, just like a From: address, leading you to a different website (created by someone other than Linden Lab) that may look like the Second Life website.
  • Asks for personal information: Most of all, fake emails will ask for your login name, password, real name, or other identifying personal information. Any email that asks for personal information, or includes a form to fill out within the email, is very likely a fake email.
KBnote.png Note: Linden Lab NEVER asks for your Second Life password, your credit card details, or other personal information via email!

If you have any doubt as to whether an email is real, close all your web browser windows, open a fresh new web browser window, visit http://secondlife.com, and perform the action that was requested. Never click on a link in an email you're unsure about, especially if it's asking for personal or account information.

How do I report a fake email?

Forward it to phishing@secondlife.com.

What precautions can I take to prevent phishing?

  • If you receive a suspicious email, forward it to phishing@secondlife.com and delete it.
  • If you receive a suspicious IM, file an abuse report against the sender even if the sender looks like your friend. After stealing an account, a fraudster often tries to trick the victim's friends.
  • If you feel your account has been compromised, contact Second Life Billing through the Support Portal right away. (Better yet, call us at the number provided on the Support Portal)
  • Keep your antivirus software up-to-date and scan for viruses regularly.
  • You can change your account password; do so frequently to keep your account secure. If you suspect you've already clicked a phishing link, change your password immediately.
  • If you have multiple accounts, use a different password for each account.
  • Never reuse your Second Life password for your email account or any other website.
  • Your password should be easy for you to remember, but hard for others to guess.
  • If you think you entered your credit card information into a fake email or website, contact your bank immediately!