The End To Phishing Spam Links
tracked
DJ Setzer
As has been noted over and over again, the increase in phishing spam links is or has gotten out of control. In the following, I propose a practical way in which to address this issue which would seriously curb the issue if not altogether get rid of such an activity.
- Create new role abilities.
- New abilities would have defined rules for group owner, group moderator(s) or other trusted individuals to be the only allowed individuals to post links in a group.
- Sub-classification for members who don't fit the aforementioned roles to be allowed only to post image links from known/well established image sharing sites. (This too should have a on/off toggle to prevent any type of abuse as needed)
- Group owners/moderators can have/create an allowed list of URL's that are permitted in their group. Example: Marketplace.secondlife.com Defining permitted URLs allows only those that are an exact match and prevents misspelled and misleading links.
- In the event a user attempts to post outside of their role abilities, the post is blocked from being sent and user notified as to why.
In the above proposed solution, spammers would not by default be allowed to post spam links in any group as the default persons of the established "everyone" role would not allow it nor any other default role as defined by the group administration.
In consideration of what to do with groups whose administration has been absent for a period of 6 months or more, by default all link postings should be disabled until such a time (if ever) a group owner logs in and establishes who may post links. While some may see this as an unpopular option, it prevents those groups that some still use from being exploited.
I propose this solution as if there is no ability to post phishing links, then there is less likelihood that users are entering in their credentials and their accounts being compromised as well as serving the great community good of people who just don't want to see this mess as there are other means of advertising for those who are interested.
Regards,
DJ Vicious
Log In
David Bloom
Great proposal to restrict criminal scam activity using group chats that is rife in SL at the moment
Glizzy Goblin
Honestly? I think that LL should require new avatars to submit payment information, even if they don't plan on purchasing.
This solves a few things:
- Helps stop alt accounts with no payment information from spamming free groups with phishing or spam.
- Helps LL have a paper trail of who owns the account vs throw away emails where they can't track alts unless they look into IP addresses (which can be changed).
- Will be more likely to prevent minors from signing up and lying regarding their age.
Hilary Querrien
Glizzy Goblin this is unfair to those who have free accounts. and I doubt it'll prevent people lying about their age.
penutbutterjellyman Resident
These are all great ideas. Let me suggest another one. All the phishing links I am seeing are hosted on Heroku. I have sent two abuse reports to Heroku about them and while they do take them down, they don't respond to me.
Could the LL security team contact Heroku about this? It might carry more weight if they are contacted by an organization than just me. They might be more proactive in shutting these down.
Katherine Heartsong
I'll just add that every account should have the ability to block certain words or even strings of characters including wildcards and especially links (like the usual heroapp spam one) from ever appearing in their IMs. Group owners especially ... as the owner of several groups I expect to be able to absolutely block any posts that have part of that link. We need a black list for messages.
Hilary Querrien
Katherine Heartsong you need to be a bit careful with blacklisting 'strings of characters'. There's a now famous English town called Scunthorpe. It's worth googling "The Scunthorpe problem"
Brozier Rizzler
Link restrictions may reduce spam volume, but modernising authentication reduces successful compromises. If the goal is to meaningfully combat phishing, continuing to build on MFA and moving toward passwordless authentication would have a far greater impact than controlling where links can be posted.
Phishing only works because passwords can be reused. Remove that, and most of the problem goes with it.
Sadly, the suggestion to address this at the root has already been closed, so we’re left debating where phishing should be allowed to appear rather than how to stop it from working.
CatalinaHunter Resident
No reason why this can't be done. It would benefit everyone.
Wicked Nightfall
Let's also get in a system that stops gambling sim spam!! Sims I have never been to are sending messages daily to come and gamble with them for real money!! That's a real concern especially with the kids who use SL.
atownes2 Resident
good idea
JillPauline Resident
I completely agree with the proposal, and I believe that only users with premium accounts or those authorized by the group owners, after a vetting process like the one DJ Vicious proposes, should be allowed to post valid and verified links. Serious measures must be taken against account theft, and it should be considered a cybercrime punishable under US law.
Belle Venus
I’d like to add a concrete observation to support this request. Recently, the same Marketplace link was posted repeatedly across more than 15 different groups in a very short time frame. This pattern clearly indicates automated or coordinated spam behavior rather than isolated misuse.
From a technical standpoint, role-based URL permissions and optional allow-lists would significantly reduce the attack surface for phishing, especially in large or lightly moderated groups. Blocking link posting by default for the “Everyone” role, with explicit opt-in by group owners, would immediately mitigate mass spam without impacting legitimate group communication.
Given the scale and frequency of these incidents, this has become a security and usability issue rather than a moderation preference, and addressing it would meaningfully improve user safety and trust in group chat.
Load More
→