Annoying Hunt December is here! Two random unmarked items at the store are marked 75% off tomorrow, Dec 19th! The hard part is finding them!

Hint: The queen of all accessories

VIP members, don’t forget to grab your free gift for December! This pack of shimmery eyeshadows and lipsticks is perfect for the season. EvoX 2K BOM only.

VIP members receive 5% cash back on regular in store purchases plus a monthly gift! 250L to join and there are now over 4 years of gifties available!

COAL!?

In previous years I made some joke gifts that were coal themed, and some folks missed grabbing those. So I put them out in the store as a hunt item! Look for the lump of coal to get the gift. I hid it REALLY WELL so good luck!

And last, 50% Karma and Nude Lace nails at The Outlet!

It’s Black Friday weekend at CAZIMI & Cardistry!

50% off everything but gift cards
50% off CAZIMI VIP group entry fee (free monthly gifts!)

TP to the main store: http://maps.secondlife.com/secondlife/CAZIMI/118/134/23

Updated, now with Legacy appliers! Available for 55L per applier pack (99L for fatpack) all weekend long at the main store.

New at eBODY Reborn Event, Vintage Christmas Nails in Glossy and Glitter packs. Appliers for CAZIMI, eBODY, Legacy, Maitreya, Omega and Prima.

Back to Basics and Pumpkin Spice Nails now with Legacy appliers! 55L per applier type with discounted fatpack available all weekend long at the main store

NEW at Designer Showcase! Dark Botanical Nails with appliers for CAZIMI, eBODY, Legacy, Maitreya, Omega & Prima. We also have the November Rain nails on sale, 50% off at Designer Showcase!

NEW Dark Botanical Rugs at Designer Showcase for Cardistry. We also have two other rug sets, Watercolor and Persian, on sale for 50% off at the event.

We’re talking about those accounts lately that are spamming groups with links to Marketplace. They will hit multiple groups, all with the same message, before the account is reported and locked down by LL.

These accounts have been hacked, and are likely being run by a bot. There is no point shaming them or replying, there is likely no actual person there to see what you write. The person the account actually belongs to will have to submit a help ticket to Linden Labs to try to get their account back. They may also find their account is drained of all money.

Once the hacker has an account, they can use a bot to send out messages in large groups that contain FAKE Marketplace accounts. These usually offer some kind of “Free” or discounted item that a lot of people may want such as a free head, skin, etc. Once someone clicks on this fake link it will prompt them to log in with their SL account information, which will then give their account info to the hacker. The hacker uses it to log in as this new account, sending more scam links.

But that’s not the only way these scams work. How did they get accounts in the first place? With password guessing programs that can use a list of known passwords and find accounts with easy to guess passwords. Is your password something like your birth year or some other number, and a word or name? Your account is vulnerable to this type of attack. You don’t have to click on a link or log into a fake website to get hacked, they can just use a program to spam accounts with guessed passwords, and yours may be one of the accounts hit. Have you ever seen the movie Hackers, where they talk about the most commonly used passwords? It’s that, but now it’s a program guessing and the passwords are a bit more complicated.

The bots hackers use may also be able to farm information from you and your profile. They could store away names of avatars that chat in group chat, look at your profile to gather group names to join and post more fake links in, etc.

How to prevent your account from being hacked

1. To prevent your password from being guessed, make your password too strong for a program to easily guess it. At least 12 – 16 characters long with a mix of upper & lower case, numbers, & symbols. No dates, no words. It should look like your cat walked on your keyboard. THIS IS EXTREMELY IMPORTANT. PLEASE DO THIS, EVEN IF IT IS A PAIN IN THE ASS!
2. Enable Two Factor Authentication on your SL accounts. This uses a program which generates codes you can get on an app on your phone. Whenever a new device attempt to log into your account, it will be prompted to enter the authentication code. Since the hacker doesn’t have your phone, they can’t get this code, and won’t be able to log in. To enable this, go to the website secondlife.com and log in. On the right, look for the word “Account” near the top and click that. Then, in the submenu, find “Multifactor Authentication” and follow the instructions. THIS IS ALSO VERY IMPORTANT! IT IS WORTH TAKING A FEW MINUTES TO SETUP AS THIS CAN BE THE ONLY THING BETWEEN YOU AND A SCAMMER TAKING OVER YOUR ACCOUNT.
3. Do not click on any links in group chat. Group chat is mainly where these scams are being sent.
4. Do not log into any website with your SL account info UNLESS you have navigated to it yourself. Don’t follow links to any SL webpage. Type it into your browser and log in there. That prevents you from accidentally using a fake website posing as an SL one, and entering your SL account info which the hacker will then have access to.
5. Report every account you see sending fake links. This way LL can lock down the account and less people will be exposed to the scam. You can also block them if you don’t want to keep seeing their messages in groups.
6. Make all your groups in your profile invisible. Hacked accounts may farm groups to attack by looking at the list of groups in your profile.
7. When you see one of these fake MP links spammed in a chat, try not to respond. This may give the program your account name to be used for future attacks. These hacked accounts are usually being run by a program, so there is no one there to talk back to anyway.
8. Do not use obscure viewers to log in. Make sure any viewer you use is legit.
9. Whatever viewer you use, keep it updated. Updates often include new security features and patch up any vulnerabilities.
10. Never share your log in information, even with friends. Not only is it against the Terms of Service, but it is a serious risk.
11. Never buy or sell $L on any website but secondlife.com and never believe you need to log in on any webpage to get free money or gifts. Free stuff and discounts are common scams. Any store offering gifts or discounts will make them available in their main store, not on a 3rd party website.