Linden Lab Official:Email Scam (Phishing) FAQ
What is "phishing"?
Many Internet fraudsters have adopted the practice of "phishing": Farming the internet for unsuspecting people who can be tricked into giving away personal information, such as passwords, credit card information, etc. The most popular methods involve creating fake emails and Web sites that resemble those of a legitimate company (such as Linden Lab). People who enter information into these fake forms and sites can quickly become victims of identity theft. With a few simple precautions, however, you can protect yourself from being vulnerable to "phishing".
How do "phishing" emails work?
Most of these fake emails have several traits in common:
- Fake email address: Many fake emails include a forged From: header that may be a real email address. For example: From: email@example.com From: firstname.lastname@example.org From: email@example.com The From: address can be forged. Never trust an email just because it says it's from secondlife.com or lindenlab.com.
- Your account is in danger: Many fake emails will try to trick you into thinking your account is on administrative review, or otherwise in danger, and that you will lose the ability to use Second Life. You can always view your account status under My Account on the Second Life website.
- Urgency: Fake emails often claim that they require immediate action, or else your account may be terminated, your inworld information may be deleted, or you may face charges.
- Attachments: Emails from Linden Lab never include attachments. Do not open attachments in a suspicious email, even if they appear to be innocent (like a .txt file). Scam artists can use several tricks to try to hide the filename of a more dangerous file (like an executable or .SCR file). Attachments may be malicious files that may not be picked up by virus detection programs.
- Links in the message: Of course, many legitimate Second Life messages include links. With a fake email, these links can be forged, just like a From: address, leading you to a different website (created by someone other than Linden Lab) that may look like the Second Life website.
- Asks for personal information: Most of all, fake emails will ask for your login name, password, real name, or other identifying personal information. Any email that asks for personal information, or includes a form to fill out within the email, is very likely a fake email.
|Note: Linden Lab NEVER asks for your Second Life password, your credit card details, or other personal information via email!|
If you have any doubt as to whether an email is real, close all your web browser windows, open a fresh new web browser window, visit http://secondlife.com, and perform the action that was requested. Never click on a link in an email you're unsure about, especially if it's asking for personal or account information.
How do I report a fake email?
Forward it to firstname.lastname@example.org.
What precautions can I take to prevent phishing?
- If you receive a suspicious email, forward it to email@example.com and delete it.
- If you receive a suspicious IM, file an abuse report against the sender even if the sender looks like your friend. After stealing an account, a fraudster often tries to trick the victim's friends.
- If you feel your account has been compromised, contact Second Life Billing through the Support Portal right away. (Better yet, call us at the number provided on the Support Portal)
- Keep your antivirus software up-to-date and scan for viruses regularly.
- You can change your account password; do so frequently to keep your account secure. If you suspect you've already clicked a phishing link, change your password immediately.
- If you have multiple accounts, use a different password for each account.
- Never reuse your Second Life password for your email account or any other website.
- Your password should be easy for you to remember, but hard for others to guess.
- If you think you entered your credit card information into a fake email or website, contact your bank immediately!