I've discussed phishing scams several times in this blog, and I warn against it in my Avatar Safety and Shopping Skills classes. Yet, people who ought to know better keep falling for this type of scam.
Here's how it happens.
You belong to a group, and someone posts a link in group chat that includes a URL that they say will take you to new freebies or shopping bargains. Or someone you know might post a link in an IM to you. Or you might see one appear from a nearby person in local chat.
You think, "cool!" and you click the link. Up pops a page that looks just like a Second Life website sign in page. So you enter your user name and password, like you always do. Or maybe you've been told that the link takes you to a page where you can earn lots of $L for taking a quick survey "from Linden Lab."
But you've just fallen for a classic phishing scam. Even people who know better than to click links that arrive in their email can be taken in by these. Especially when the message appears to come from a friend! But you have to ALWAYS be on the alert. Your friend may have already had their account compromised by a phisher, and now their avatar is controlled by an Evil Person looking to snare you, too!
And that's what happened, I'm pretty sure, to an acquaintance of mine. He'd taken my Avatar Safety class, he KNEW about phishing. But last night, his account started popping up in group after group, posting a link that was obviously a phishing attempt. If someone you know starts doing or saying things that don't seem at like themselves, their account may have been compromised. If you can, send them an IM when they are offline, so they'll get it by email. This may alert them to the situation and let them notify Linden Lab.
How do you know if a link is a phishing scam? Look at the URL. If it does not start with https://, with an S at the end, it may be bogus. If it does not have the domain secondlife.com, it's bogus. The domain might LOOK similar, but it might be something like, say, sec0ndlife.com, or secondlife.rus. The spelling here is important, so examine it carefully.
Maybe the link has been shortened, by using one of those handy services like TinyURL. If so, it will have a different form, like bit.ly.xxxx. This could be legitimate, Linden Lab does this all the time. But it could be a phisher, too. If you do open a link you get from someone, your browser will give you the actual address at the bottom of your screen. If it's not one you recognize as valid, run away!
The safest thing to do is to not click any unsolicited links you get. Browse MANUALLY to the site you want, or use a bookmark you've made yourself.