In some cases, no doubt, these people actually committed a serious breach of the Second Life Terms of Service (that's a link for a reason, Dear Reader. If you have not read the TOS, you really should.) But in most cases, they probably have done nothing more than be a little gullible, or greedy, or careless -- someone sent them a URL via email, or in an IM, or a group chat, or in a notecard, and they clicked on that link.
Such links are often "phishing" scams. The web page may look at first glance like a Second Life page, but if you enter your user name and password, they are sent to the scammer. Then he can change your password, take all your $L, delete your inventory, and use your account to commit serious TOS violations.
And the REALLY awful thing about this is that you...yes, YOU...are responsible. Right there in the TOS Linden Lab clearly says:
(From TOS Section 4.2, emphasis added)
You are solely responsible for all activities conducted through your Account whether or not you authorize the activity (except to the extent that activities occur because someone gains access to our system without using your identifiers and password). In the event that fraud, illegality or other conduct that violates this Agreement is discovered or reported (whether by you or someone else) that is connected with your Account, we may terminate your Account (or Accounts) as described in Section 5.
You are solely responsible for maintaining the confidentiality of your password and for restricting access to your Internet Device. You are solely responsible for any harm resulting from your disclosure, or authorization of the disclosure, of your password or from any person's use of your password to gain access to your Account or Account Name. You will immediately notify us of any unauthorized use of your Account, password or username, or any other breach of security related to the Service. At no time should you respond to an online request for a password other than in connection with the log-on process to the Service. Your disclosure of your password to any other person is at your own risk.
In other words, if someone else gets access to your account, and you fail to promptly notify LL, then they may simply terminate your account. And any alt accounts you may have. And you won't be allowed to make another account or use SL again.
How to Protect Yourself:
- Read the TOS and the Community Standards and the various policies that are linked to them. They govern your relationship with LL. We can complain all day long about how unfair and one-sided it is, but nonetheless, this is what you agree to when you sign up for Second Life.
- Get smart about phishing scams. Do a web search on "phishing." There are lots of sites that will show you what to watch out for.
- Don't enter your password on any web site that does not start with "https" and/or does not have the domain "secondlife.com"
- Don't use the same password for SL that you use for other things
- WRITE DOWN your account information...name, password, email, and secret question and answer...and keep them somewhere safe.
- DO NOT leave "remember my password" checked on the login screen.