Have you ever rezzed
an object and received the message “Object wants access to take money from your
Linden Dollar account. If you allow, this it can take any or all of your money
from you at any time with no further warning or request.”?
The obvious response
would be to deny this request but Second Life isn’t always a place where logic
prevails and, for new users who learn to navigate through this virtual world by
clicking to see what happens, it leaves one wondering why Linden Labs would
permit Second Life vendors to use such a shady script.
When I asked about
this script on the Firestorm English Support chat line I received the following
responses;
Robo™ (robert0.siamendes):
dean, you can find that script in the LSL wiki site
Gena |
Gena S. Wilberg
(genafosters): (FS64 4.7.7v os) it is a standard script Dean used by every
vender I think outside of MP or at least very popular
When I asked about
this script in the Builder’s Brewery chat line I received the following
responses.
Pavl |
Pavl Duke: sadly any
script you give permission_debit to can indeed continue to take your money
while the object is rezzed
Erin |
Erin Rose
(nonspecific): There are also bogus "gift cards" that do the same
thing
Vince |
Vιɳƈҽ ™
(vincestriker): Once a script has the PERMISSION_DEBIT permission it can empty
an account of L$.
Fraud & theft are
both LL Terms of Service violations and crimes. Misuse this function and you
risk being banned and legal action. In addition LL may freeze the accounts of
anyone the money is transferred to and restore it to its rightful owners. This
may involve retrieving it from third party exchanges and accounts on those
exchanges being frozen. The system is not designed to be friendly towards
fraud.
It was also
recommended by members of Builder’s Brewery that I review the following links.
In addition to the
previous chat line responses, I was also contacted for private
conversations with SL Residents who had negative experiences with the
script.
Whispr |
Whispr εжз (whispr.xue): Hi Dean... I did just
get this script when I bought some ice skates off of Abranimations website...
it was attached to a affiliate vendor rezzing
Dean Lawson (deanlawson): Did you lose lindens
as a result of this script?
Whispr εжз
(whispr.xue): no... I didn't rez the vendor... I had clicked to "add
all" that was in the folder. It was in both the free skates: https://marketplace.secondlife.com/p/Super-Ice-Skates-Lite-Version-Xmas-2014/7229349 and the pay version: https://marketplace.secondlife.com/p/Super-Ice-Skates-Full-Version/6639169
When I asked if this
incident was reported to linden labs I received the following response.
Whispr εжз
(whispr.xue): Not yet, I am waiting to hear back from Abranimations regarding
it. I know Abranimations is a reputable vendor, and that they would not put any
such scripting in. If Abranimations did not put it into their affiliate
Vendor... then it is likely there was a dormant script put in by whoever
created the vendors, or somehow it was hijacked
When I asked Firestorm
Support if it was possible that the script might be placed in an object without
the vendor’s knowledge I received this reply;
Robo |
Robo™ (robert0.siamendes):
dean, this script has been in existence for a long time... idk how the script
can be embedded in the object unless the creator foolishly did the wrong permission
for that object... Also there have been in the past where scammers placed an
invisible object in front of the legit objects with that script in it
SL Resident tom45434
added this to the conversation;
Tom |
tom45434: I have firsthand
experience with those types of malicious scripts
Dean Lawson (deanlawson): Did you lose lindens
as a result of this experience?
tom45434: it’s been
happening very often everywhere in SL from stores/shops/gacha places breedables
everywhere....yes I did, but not as a bad as some of my other friends
Dean Lawson (deanlawson): How many lindens did
you lose?
tom45434: about 5000.
My friends lost nearly 200k together
Dean Lawson (deanlawson): Did you or your
friends report this to linden labs?
tom45434: yes
instantly, and then they got the linden back within a few hours
Dean
Lawson (deanlawson): Do you know if linden labs is doing anything to track down
the creator of this script?
tom45434: yes they
are, but it seems rather impossible as it’s a new avatar each time it’s done I
counted about 400 different alts so far each getting banned rather quickly, also
the script itself is a rather easy script to make and a lot of people could
make it within 15-20 minutes
Dean Lawson (deanlawson): Would it be futile
to publish the name of the creator of this script to try and warn other SL
Residents?
tom45434: yes as the creators
of the script only last in second life for a matter of hours or sometimes 10
hours at max
Dean Lawson (deanlawson): If the creator of
the script has their account deleted, where does the money go when it is
extracted from someone's account?
tom45434: the money is
frozen in the database till linden labs investigates where it all came from
then it’s returned to the rightful owners
Dean Lawson (deanlawson): It doesn't seem like
a very lucrative scam for the creator of this script, why do they create new
accounts?
tom45434: they create
new accounts to get past the bans that people do when they are found out, most
people when the money is stolen from them don't report it so this is how they
get the money and sometimes it’s never investigated till someone does report it.
Also, they target any place that has products like "gift cards" and
things that actually do require debit permissions and they copy the exact
product down to the script name. But the only true way to prevent this type of
malicious scripts is to "ALWAYS" check the creator of the object
""BEFORE"" clicking accept on the debit permissions it will
not take the money till its accepted, some objects require debit permissions in
order to work, but always verify the creator is the true creator first, even if
it does look exactly like a true product
Dean Lawson (deanlawson): Is it possible that
the creator of this script uses an account that is paid by the alt accounts
that are being used to create the script? In other words, I create account 1
then I create account 2 and use account 2 to perform this scam until I get
caught, while transferring the stolen lindens to account 1 which I use to
convert lindens into real dollars. Do you think this might be the manner by
which the creator of the script extracts money from SL, if so, what can Linden
Labs do to track down this person?
tom45434: yes its
possible they are doing this im pretty sure they are using this tactic right
now, but the way linden lab prevents this issue is there’s a 3 day delay on
Linden$ to real life money but in order for them to prevent this from happening
always, check the creator first before accepting debit permissions, and if it
does happen by accident then file a abuse report ASAP under Help/Report Abuse/
Select category "Fraud > L$ Or USD$ and remember to put the name of
that creator of that malicious script into the "Abuser name:" and
give as much details as possible. If it can be caught (Abuse Report Filed)
before the 3 days are up then it can be reversed. Linden labs can track it down
through all of the Alt accounts they send it to
Dean Lawson (deanlawson): thanks for answering
my questions Tom, is there anything else you would like the readers of this
article to know regarding this issue?
tom45434: yes one more
thing to state, this is for large companies here in SL, if these scammers want
to target those companies they will create a chain of these scams to steal the
linden then they "Gift" those funds that were stolen to that main
business account of the company that they are targeting, when someone reports
the stolen linden along the way all accounts get put on Admin Hold including
that innocent business account simply because that scammer didn't like them,
the best thing for these business owners to do if they receive a Error logging
in "Your Account has been put on Admin hold" Call Linden Labs ASAP
and also log into a Alt of theirs and file a Abuse Report to Appeal this Admin
Hold as they had nothing to do with it
When I asked Firestorm
Support how to report such an incident I received this reply;
Jeanie |
Jeanie Jupiter: (FS 4.7.7f) Help>Report
abuse... include the transaction details https://accounts.secondlife.com/transaction_history/?lang=en-US
While it seems to be
common sense to refuse access to any script that seems untrustworthy it might
also be prudent for Linden Labs to show more than just a “buyer beware”
attitude and to crack down on fraudulent scripts and SL Residents who use the
virtual world to grift a living. Allowing untrustworthy scripts to victimize
Second Life shoppers might discourage commerce and trade, just as street
criminals can discourage tourism. As someone who is relatively new to Second
Life there is a lot about scripts and the business of Linden transactions that
I may have overlooked, so I encourage anyone who reads this article to
share their opinion and experiences on this subject by leaving your comments or
contacting me directly.
Dean Lawson
SL Enquirer