News and Updates

Warning, and How To Spot a Scam

November 6th, 2023 by Lyle Maeterlinck

In Second Life, you may have received a message that looks like this:

Are you tired of paying your Linden Dollars?
Well, we have an interesting solution for you!
with our SecondLive Viewer, everything is free and open.
Unlock unlimited Linden Dollars (L$) for all your virtual adventures.
Fly to unlimited heights.
Build freely on any land of your choice.
And that’s just the beginning.
Link: https://urlz.fr/(redacted)
We’re grateful to everyone who joins us in our mission to make SecondLife entirely free.
Don’t miss out on this incredible opportunity!
Best regards.
note:
Linden Labs is currently attempting to shut down our site and blacklist the IP addresses used to host our free land.
we will not be fooled by a multinational that thinks it can do everything! Here is a direct download link in case our site goes down. https://mediafire.com/file/(redacted)

If it isn’t obvious to you, this is a phishing scam, and it is not a good idea to download the file they point to. Here are a couple of ways you can identify it as a scam.

First, the message uses the URL shortener urlz.fr. A shortened link could forward to nearly anywhere, but it probably forwards to a domain the attacker controls. As soon as you visit it, the site will know your IP address and other information about your computer. Anything you type into that website, they will get.

Second, they make false claims. It isn’t possible for them to do what they are claiming they can do. The servers that track Lindens and control Second Life land are operated by Linden Lab, and they keep those resources secure. A custom viewer can’t get around this unless it is exploiting some vulnerability in the security of the Second Life servers, but that vulnerability can be patched by Linden Lab. What a viewer can do is collect your Second Life name and password and send them to an attacker, who can then take over your account. For that reason, you shouldn’t use any third-party viewer that isn’t listed in the official third-party viewer directory. Also, never type your Second Life password into any site that you reached by clicking a link. Type www.secondlife.com into your browser, or use a bookmark you made yourself. Someone could make a domain that looks like www.secondlife.fakedomain.com. If you go to this site, you are really going to fakedomain.com, and www.secondlife is just a subdomain. If you own a domain, you can name subdomains whatever you want.

Third, if they could hypothetically do what they are claiming, it would be a crime. It is not wise to place any trust in online criminals or download things they link you to.
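The link checks described above can also be done mechanically. The following Python sketch is an added example, not part of the original post: it decides whether a link really points at secondlife.com or only looks like it. The function name `classify_link` and the short host lists are assumptions made for illustration, and the sample URLs in the comments are constructed.

```python
from urllib.parse import urlsplit

# Assumptions for this example; these are not official or complete lists.
OFFICIAL_DOMAIN = "secondlife.com"
SHORTENERS = {"urlz.fr"}        # shortener seen in the scam message
FILE_HOSTS = {"mediafire.com"}  # file host seen in the scam message


def _is_domain_or_subdomain(host, domain):
    # "www.secondlife.com" belongs to "secondlife.com";
    # "www.secondlife.fakedomain.com" and "notsecondlife.com" do not.
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    """Return 'official', 'shortener', 'file-host' or 'untrusted'."""
    url = url.strip()
    # Browsers treat "\" like "/", which can make a parser and a browser
    # disagree about the host, so refuse such links outright.
    if any(c == "\\" or c.isspace() or ord(c) < 32 for c in url):
        return "untrusted"
    if "://" not in url:
        url = "https://" + url
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return "untrusted"
    if parts.scheme not in ("http", "https") or not host:
        return "untrusted"
    host = host.lower().rstrip(".")
    if _is_domain_or_subdomain(host, OFFICIAL_DOMAIN):
        return "official"
    if any(_is_domain_or_subdomain(host, d) for d in SHORTENERS):
        return "shortener"  # real destination is hidden
    if any(_is_domain_or_subdomain(host, d) for d in FILE_HOSTS):
        return "file-host"  # anyone can upload anything here
    return "untrusted"


if __name__ == "__main__":
    for sample in ("www.secondlife.com",
                   "https://www.secondlife.fakedomain.com/login",
                   "https://secondlife.com@fakedomain.com/"):
        print(sample, "->", classify_link(sample))
```

Only the end of the hostname decides who owns the site, so everything to the left of the registered domain, and anything before an `@`, is ignored when making the decision.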

Good luck, and be careful out there!

Edit: here is someone who did some analysis on what the download actually does (spoiler: installs remote administration tools). This link is safe to click, you can see it goes to github.com.
