...we uncover why most times you see "My account got hacked!" in places like the forums or IMVU Discussions. But were they hacked, or scammed somehow?phish·ing
to try to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one.
Phishing has been around for a very long time. There is a reason for that too. It works. It works perfectly even today. The best way to combat it, is to understand it a bit more. Say someone in IMVU contacts you, and tells you that your account is going to be banned for 25 years if you don't log into your account online, and reply to them, or whatever they ask you at that time. Then they give you a link that is NOT www.imvu.com. What do you do?
Well, first of all, flag the message. If it's really staff, they won't even care about you flagging it. Or you can wait and flag it a little bit later as well, no rush just yet. The next thing you should do is, check your email that is linked to your IMVU account. That's right, make sure you have a reliable email attached to your account. Yes, all of them. Now that you are at your email tab, you see anything from IMVU inc.? If you are about to be banned or have already been disabled, you will find a message in here from IMVU inc. who uses the email address email@example.com. Nice and cozy and safe, within the walls of your reliable, and private email address.
So now what? Is this message really from IMVU, and do I really need to log into the website they are trying to give me? Probably not. But hey, lets test this shall we? What? You don't wanna try and test it with your email address and password? Heck, I don't blame you, so here, let's just pretend.
So we click the link (DO NOT click the link if you haven't yet!) and find ourselves on a page. It looks exactly like the IMVU login page. But, is it? If you go up top, to the address bar, does it start with www.imvu.com? I bet it doesn't. I bet it looks kinda like it does, but something is different there. So, here are my thoughts on this. I think we are on a non-IMVU page, and truth is, we are already logged into IMVU. So let's delete all the crap out of this address bar, and just simply type www.imvu.com and hit enter. What do you think is going to show up? That's right, more than likely you will find, you are already logged into IMVU. So, why was that page telling you to log in there?
Ah right. That page was just a keylogger. It logs your email address and password, for someone else to use later. So now what to do? Well, I can't tell you what to do with that message yourself, just don't use it to log into IMVU. You can flag it, report it to IMVU staff, get them "busted" and they will be back on a new account in an hour maybe. You may do this a couple times a week even, but hey, now at least you learned this way, of protecting your account. Know anyone else who might need to learn this? Just shoot them a link directly to this post. Tell them Manda said, "Its story time, and I am the princess in this magic castle, wanting to take your mind on an educational..." Sorry, pain med's just kicked in, I think it's time for bed.
If interested I found some additional information of this type of scam, and how you can keep your bank accounts, pixelpusher.info account, match.com, or even your hellokittyland.com account safe too.
http://www.pandasecurity.com/mediacente ... g-attacks/