Stop Phishing Links being posted in Group Chat
tracked
Abysinnia Resident
Lately a lot of SL groups have been getting hit by spammers posting phishing links that look like real Marketplace stores. Here’s an example of the kind of thing going around:
[12:16:37] Rẙaḽīể (ryalie): New store!
Outfit + Shape, Everything is free, limited quantity https://marketplacsecondlife-style-body-mesh-catwa-185089.store
It’s clearly meant to trick people, and residents are falling for it because it looks close-ish to a legit SL URL. People are losing their Lindens because their accounts become compromised, thinking they’re logging into a trusted site. The scammers then use those compromised accounts to spam other groups (sometimes even pay-to-join ones), which just keeps the cycle going and leads to more stolen Lindens and MORE hacked accounts.
My suggestion is to remove clickable URLs in group chat and IMs unless they’re from trusted sites. Maybe have a whitelist for known, safe domains like:
Or other KNOWN and trusted sites. Everything else could just show up as plain text or with a warning before opening. Other possible options could include: color-coding links (safe ones in green, unverified ones in grey or red), adding a short delay before opening non-trusted URLs (“This link will open in 5 seconds”), or even giving users a setting in Preferences to allow clickable links from trusted domains only.
This would stop a lot of the spam and protect people from phishing. It would also cut down the workload for in-world group moderators (who constantly have to boot spammers) and reduce support tickets from compromised accounts; meaning less work for your support team, cost savings for you, and a safer experience for everyone.
Thank you!
Zoe Starling
I believe that group owners should have a choice as to who can post links in their groups.
Owner Only
Owner & Staff (they enter the names of helpers or their alts)
This would solve the problem right there and if one of their helpers or alts is compromised the ability to remove them immediately.
Spidey Linden
Merged in a post:
Reducing Phishing Through Automatic Link Blocking and Redirection
KingVampilicious Rhapsody
Phishing has been on the rise across Second Life, as many residents are already aware, and it has become an increasingly persistent issue. In most cases, these attacks rely on the same malicious link being reused repeatedly rather than constantly changing URLs. Because of this pattern, one possible solution would be to block the specific link that is being widely circulated and abused. Proactively filtering or blacklisting the known phishing URL could significantly reduce its spread and limit user exposure. This approach would also help protect less experienced users who may not immediately recognize a fake or misleading link. Additionally, it could reduce the overall effectiveness of phishing attempts by cutting off their primary delivery method. Another idea would be to automatically intercept the link if someone tries to type or share it in chat. Instead of allowing the malicious URL to appear, the system could default or redirect it to the official www.marketplace.secondlife.com website. This would both prevent harm and subtly educate users on the correct and legitimate destination.
Beatrice Voxel
Filtering inworld links through some kind of proxy would be useful. The main problem is, how does one admin the proxy? Does it only allow LL-operated domains? This would be reasonable for a starting point. But I think it would also need to whitelist services that residents use a lot, such as Discord, Gyazo, Primfeed, and Flickr.
Another option is for LL to subscribe to a DNS-level filtering service such as Cloudflare's OpenDNS service. Every link accessed from the platform would be checked at the DNS lookup stage, and if the result came back as "phishing" or "scam", the page returned would be "This is a suspected phishing site." This would force the person accessing the link to copy it and paste it into an external browser, rather than simply clicking through. I'd also advise that the "open in external browser" button send the proxy's address with the URL embedded, rather than the direct URL, that way you'd slow down those who don't use the viewer's internal browser, only use it for LL domains, or habitually relay it to their OS browser when the internal viewer's page doesn't load.
Fionne Burleigh
I am not a techy person, but something certainly needs to be done to address this phishing issue proactively rather than on the backside. Chats get slammed, members get anxious about every link shared, accounts get hijacked and real people have money and personal information stolen. It used to be having payment information on file was a good thing - now it leaves accounts vulnerable to criminals. I was away from Second Life for 8 years, but I seem to remember a time when LL would sometimes flash a popup window in world with official information. At the very least could this be done when a round of phishing starts?
Dana Enyo
I'm not sure what the best solution is, but it does seem like something could be in place to catch these.
DJ Setzer
I proposed what I believe would be a logical and proper solution to the issue. https://feedback.secondlife.com/feature-requests/p/the-end-to-phishing-spam-links
Certified Lunasea
DJ Setzer Your proposal is indeed a logical and proper solution to the issue for group chats. As for public chat it would still be vulnerable to such things but a set of viewer based settings could cover that in the same manner at the individual user level for local chat (if a user desires to use such at all).
Madi Melodious
How about the viewer put up a warning when someone posts a link that goes outside the SL environment? Links to marketplace, the canny, and others would be automatically whitelisted, where others would open a warning first. Then offer an option to whitelist the site in the future or block it. There would also be an option in the preferences to turn this feature off if you want to live on the edge.
GreenLantern Excelsior
It seems like most of the phishing links contain the word "marketplace," which fools people too easily. How about prohibiting URLs from being sent in notices or group chats if they contain the word "marketplace" but are not followed by ".secondlife.com"?
Kilolo Jenkins
While I don't necessarily agree that clickable links should be removed from group chat IMs, I do think a better way of controlling who can and can't post them would be a good idea.
I like the idea that if it's an official SecondLife/Linden Lab link (like mp/sl sites) it deserves special icons (which according to someone who said this earlier is happening in TPVs). And if it's an officially known site, even that could work.
While many groups have already stated in their rules (and regularly) that group members cannot/should not post links in the group chat, this often gets ignored. Yes, some groups have consequences to this, but many don't.
A possible solution would be to limit external link posting to certain roles as opposed to removing the ability as a whole. Or limit the type of links certain roles can post (like allowing certain members to only post internal links like profile links, SLurls, group links while allowing higher roles to post external links).
Example #1:
In free gift/special offer groups, many creators and/or their staff post SLurls to internal locations. Perhaps make it where anyone in the everyone role can post internal SL links but not external links.
Example #2:
Moderators who are assisting their group members (or designated staff with a specific role) would be able to post an external URL to say a store's blog/flickr/primfeed/bitly/gyazo link. Non-role carriers (ie. everyone) would not be able to post those links in a public chat.
Lucky Clover
I think the links should still be clickable in most instances, but do think 'legitimate' links from Second Life URLs should have some sort of icon, like the little SL hand or something, before or after.
A human-reviewed global blacklist that adds some sort of 'potentially unsafe' icon to things might be clearer to people to think twice, rather than just wondering why something isn't clickable.
Additional blacklist possibility of regex marking links including "secondlife" (and similar SL-specific related words) that aren't on .com URLs?
Like a stoplight green/yellow/red on them, yellow being 'unknown but not yet reviewed' or something. LL keeps making everything blue lately, so could even do SL-specific as blue and save green for well-known/human reviewed to be safe sites, for funsies.
Any sort of full whitelist does present the issue of 'known, safe' domains that simply weren't thought of to include in any whitelist-based system though, so it'd have to stay vague on most platforms between 'SL official' and 'we looked and it's bad' URLs.
AlettaMondragon Resident
Lucky Clover "Additional blacklist possibility of regex marking links including "secondlife" (and similar SL-specific related words) that aren't on .com URLs?"
That's a good idea, in some cases they would be on .com domains but quite sure if they used AI to check group chat messages before delivering them, it could spot the fake SL links easily. The question is, since group IM delivery tends to fail anyway, how much impact would such a scan have on it - how much more would the whole thing fail in general?
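Several posts in this thread propose a domain allowlist, keyword or regex matching on "marketplace"/"secondlife", and stoplight colouring of links. The sketch below is an added example, not Linden Lab or viewer code; the allowlist contents, the brand fragments and all function names are assumptions. It matches on the parsed hostname rather than on the raw text, because the sample link in the original post never contains the full word "marketplace".

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: domains treated as official (hypothetical contents).
TRUSTED_DOMAINS = {"secondlife.com"}
# Assumed brand fragments; "marketplac" covers the misspelling in the sample.
BRAND_FRAGMENTS = ("secondlife", "marketplac", "linden")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_of(url):
    """Return the ASCII hostname, or None if unparseable or carrying userinfo."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # excludes userinfo and port
        if not host or parts.username is not None:
            return None  # 'https://trusted.site@other.host/' style links
        # Normalise IDN hosts to punycode so comparisons are on ASCII.
        return host.rstrip(".").encode("idna").decode("ascii").lower()
    except (ValueError, UnicodeError):
        return None


def classify(url):
    """Stoplight verdict: 'trusted', 'suspicious' or 'unknown'."""
    host = host_of(url)
    if host is None:
        return "suspicious"
    # Dot-boundary suffix match, so 'notsecondlife.com' and
    # 'secondlife.com.other.example' do not pass as official.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Brand wording or punycode labels on a non-allowlisted host
    # (flagging all punycode is a deliberately conservative choice).
    if any(f in host for f in BRAND_FRAGMENTS) or "xn--" in host:
        return "suspicious"
    return "unknown"


def scan_message(text):
    """Return (url, verdict) for every http(s) link in one chat line."""
    return [(u, classify(u)) for u in URL_RE.findall(text)]
```

A viewer or relay could render "trusted" links as clickable, "unknown" links behind a confirmation prompt, and "suspicious" links as plain text.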