Cybercriminals promise a “hefty” reward in return for some personal details

Sep 25, 2012 12:30 GMT  ·  By

Second Life customers are advised to be on the lookout for a shady website that promises 2,500L$ (Linden Dollars) in return for their credit card details.

Second Life is a virtual world developed by Linden Lab, where each user interacts with others via avatars. “Residents” can trade virtual property and services with L$ and this makes the platform attractive for cybercriminals.

Experts from security firm GFI Software have identified a poorly designed site made to trick users into participating in a survey that would allegedly win them 2,500 L$. While the amount may seem high, in reality, 2,500 L$ is equivalent to around $10 (8 EUR).

“Please verify your credit card and proceed the 2500$L Survey. You must confirm your credit card to complete the request. Second Life will don’t (sic) charge your credit card,” reads a message on the malicious website.

Once the unsuspecting customer enters his/her details and clicks on the “Confirm and Proceed” button, they’re taken to a second page where they’re presented this message: DECLINED! Contact Your Bank Institute.

Of course, at this point, the victim’s names, card number, card type, expiration date, verification code and country of residence are safely stored on a server controlled by the fraudsters.

However, if we take a look at the website before supplying them with the information, we can clearly determine that it’s not legitimate.

First of all, the connection is not secure. The main rule when handing over sensitive details is to check for the https string in front of the site’s URL to ensure that the information is being transmitted via secure channels.

Secondly, the poorly written messages are a clear indication of a scam. Why would a reputable company write “Second Life will don’t charge your credit card?”

Finally, the crooks made a mistake right from the start when they wrote “2500$L” because the correct symbol for Linden Dollars is “L$” not “$L.”