Wednesday, October 13, 2010

The fake Scuba Scam

Do you know right from wrong? It seems like some girls at Stardoll do not. Please read the following and decide for yourself.

Look at attached screenshot "Picture 10." Mant__* had posted in her guestbook in an exchange with SmileyDiva222:

"haha ;D yea one person have already sold 2 posters for 5OOsds :DD"

Mant__* seems delighted that other girls are selling her posters for that much money. Ask any girl on Stardoll if she would like to buy a wall panel with a Stardesign representation of a scuba dress for 500 stardollars. No girl that has been tricked into making that purchase is happy about it. The victims may have been too eager to believe their luck that they could get the highly coveted scuba dress at what seemed to be a great price, but no one wants to pay 500 stardollars for a wall panel.

This is the essence of the fraud. It seems that so far Stardoll has been unable to understand the difference between right and wrong in this case. And that is a shame.

Every girl who bought these panels wants her money back. If you asked them yourself they would tell you so. And they should get it. They did not break the rules. They were tricked.

This is how it was done. See screenshot "Picture 11." Each trickster displayed the stardesign art to look like it was an actual dress using a hanger and a white wall. At a glance it looked like she was selling a scuba dress. She set it up to look that way. Only if you go to her interior starbazaar, you will see that it is an interior item, and not a dress. The broadcasts can be directed to a doll's suite or to her starbazaar, and each scammer was careful to deliberately have the victims directed to her suite with the deceptive set-up. The broadcast did not say "Scuba artwork" or "Scuba poster" It said Scuba, and the girls that responded to the broadcast expected to find a dress.

Once at the suite, the victim simply clicked on the price tag to buy. She was probably hurrying because she wanted to get the "bargain" before someone else got it. Look at the screenshot I called "Suite purchase option box" that I took today. The design information does not appear on a stardesign item when it is clicked on in a suite. The victims did not get to see that it was designed by Mant__* all they saw was an image of the dress they wanted. Yes, there was some white background too, but Stardoll has been changing the look of a lot of features lately with no explanation, so you cannot say that that was adequate warning. It wasn't until after the girl opened the box in her suite that she would even know she had been tricked!

Some think it is okay for girls to outsmart the unwary. Thinking cleverly is exactly what scammers, con artists and tax cheats do. (And unprincipled internet corporations? Ha ha ha.) It is what cheaters do. It is one thing to use a person's brains to earn money, and quite another to use these talents to rip off children.

I think this is a conspiracy, and I am going after every participant. A conspiracy is an agreement by two or more persons to commit a crime, fraud, or other wrongful act. It always surprises me how resistant Stardoll Support is to getting rid of scammers. Maybe they don't like me telling them what to do. They need to get over it. It's not personal, I'm just asking them to do what is right.

The lack of immediate and decisive action is only going to make things harder for Stardoll Support. They should realize by now that they ought to crack down at the first sign of a new scam, before there are hundreds of these schemes multiplying on the site.

Deleting Mant__* will send a message that no one is above the rules. She has had a very high position and status at Stardoll. But that does not give her the right to be part of a scheme to hurt others, and then laugh about it with her clever pals. It would be even better if Stardoll let people know why she is gone, because you can scare a lot of girls into acting better if one is taken down for her misdeeds. But I don't expect that they will make a public announcement.

I think they should trace each and every one of the posters Mant__* created and delete them. Deleting Mant__*'s account will prevent her from making more of them. Then Stardoll should reimburse the buyers/victims. 

I hope I have explained this well enough that you understand what is wrong.

UPDATE: cool2annie has been deleted. Now she is sorry. And she is lying to her friends. She knows she tricked others and broke Stardoll rules, but she hopes to manipulate her innocent friends into supporting her cause. Here are some screenshots of some of the things she did. I have more...

Monday, September 20, 2010

Begging is not Pretty

Users do ugly things at Stardoll. Things that if their parents knew, they would be deeply humiliated. One of these is begging. 

There are many ways to beg. A lot of kids ask for gifts. I find someone asking me to spend real money on her account annoying. That is what members do when they ask me to make them a Superstar.

I also don't like the practice of asking a seller to lower prices. A seller tries to set reasonable prices in her bazaar. If you want what she has to sell, buy it. If you don't like her price, go elsewhere. But remember, it may take you more time than it is worth to save a few stardollars. 

Remember that Stardoll keeps a record of everything you do on the site. You may think chat, friend requests or dollmail are private. Nothing is private. And deleted items are still part of your record. Read the membership terms. If they investigate you, they will check it all. Big brother exists. 

Wednesday, September 1, 2010

Website Security. You are not safe!

Today someone mentioned casually that her daughter was spending a lot more time on facebook than Stardoll. As if that were a good thing. My opinion differs. Many websites have major security problems, but they are not going to tell you about them. Here are my thoughts, in no particular order:

Facebook has a new feature. And you automatically get it unless you know how to turn it off. Now, anytime you update your wall or post anything at facebook, your location information is revealed! Great. Now someone can track you and find out if your home is empty all day. And it can save a stalker lots of time figuring out where you are. You may want to find out how to turn this off and do it ASAP.

I got an email from a friend about an ad on craigslist. It was some make money at home scheme and it not only looked like a scam, but it had a link to a website that trigged a warning in my browser. Maybe I am too cynical, but I have learned that when something seems to be too good to be true, it is not true. And I have seen similar things before. I have encountered hackers and scammers on facebook and on stardoll. I didn't think about Craigslist, but I am not surprised that those scum have a presence there as well.

Most people are buying computers and jumping on the internet without learning that they can get into some serious trouble. Hackers set traps for the naive. Their purpose may be to install malware or spyware in an unsuspecting person's computer or to steal cookies. Malware can lead to problems with your computer and can damage your hard drive as well as your software and existing files. Spyware gathers information (like your keystrokes for everything you type, including passwords) and then secretly sends it to the hacker. Cookies contain your online login information for your bank and other websites you use a password to use and may carry other sensitive information.

I have good protection (love my mac) so I cleared my cookies, closed all my other programs and clicked the link. I was not surprised that there was no information at the website, just a bank page. I noticed that the URL in my address bar indicated that the site address ended in .tk which is not good. I know of a few phishing sites with the same .tk address, including several fake stardoll sites.

Even my loved ones violate my privacy and send me things that may harm my computer. I cannot get my aunt to use BCC instead of TO when forwarding me an important email. So she sends my email address to hundreds of strangers all the time.

While I am at it, let me digress and mention I do not need to see that the Phenylalanine chain letter hoax is making the rounds again. The amount of misinformation being circulated by email is an embarrassment. I thought people had some sense. I wish everyone would take a minute to look up the latest rumor at and then make an intelligent choice before forwarding it to everyone in the address book. I do not consider getting chain mail any kind of thoughtful communication. I will rave about this more in another post.

Here is another polite message I sent to my aunt about attachments:

"I deleted the last message you sent to me without opening the attachment. It looked suspicious. There are so many things that can come as attachments that can harm a computer, that it is not wise to open them, or to send them on to others. Opening the wrong attachment can cause a lot of trouble. It can trigger a download of spyware or malware that you will not be aware of. It can slow down your computer, violate your privacy and steal sensitive information, such as accounts and passwords. If you are interested in sharing information, the best way to do this is to send it in as plain text in the body of email. Sending images is safe. I prefer jpgs, pdfs and pngs."

It is also wise to keep in mind that a link that someone sends you by email may cause the same problems as one you encounter on the net.

One of my friends had her computer hacked by clicking on an ad in Facebook. Her bank account and credit cards were all compromised. She had to change all her credit cards and freeze her bank account until things could get straightened out. Her company decided to replace her computer because spyware and malware were installed at the same time she had her cookies stolen and the hard drive was seriously compromised. It took her weeks to clean up the mess.

Facebook says they have banned the advertiser who put in the fake ads. I wrote a long letter to them about this, and they blamed the developers of PetPupz, because she was playing that game. Of course PetPupz blamed facebook. I am not pleased with them. I have kept my facebook account, but I barely use it. And I never play the games they offer.

The New York Times website was hit by this kind of hacker attack the last weekend of September 2009. The ads seemed legit, but as soon as the Times offices closed on friday, the hackers somehow switched out the code and thousands of users were hacked. The Times had to post detailed instructions on what to do and posted an apology as well to all the users. You can look it up. It was a big deal.

To protect yourself, never to allow a download of virus scanning software that you may encounter while surfing the internet. Most likely it is a trick and will compromise your computer's security. If something starts downloading that you did not request, immediately pull the plug or shut down however you can. Disconnect from the internet and then reboot your computer. I usually then search my computer by date and delete any file that was created in the last few minutes. I am a bit paranoid. It is always a good idea to not have unsaved documents open when you are on the web, so you can shut down without losing any of your work.

You must use cookies for many activities on the web. Cookies identify you when you log on to your bank and other sites, such as facebook. The use of cookies makes everyone vulnerable to getting your accounts hijacked by real hackers. You can google "cookie stealing" and find out how to set up this simple hack yourself and what you need to do to hijack a user's session. To be safe, clear your cookies and close all your other windows before you log into a website that requires you to log in. Stay on only that website until you log out and then clear your cookies again.

There are more things you should do if you are using a public computer, wi-fi at a public place or a computer at work where other people may have access. But this is a good start.

Some sites have more security than others and you can see it by looking at the address bar in your browser. If it says http:// it is not as secure as a site that says https:// so be careful. 

Looking at your address bar can help you identify if you are at a genuine site or at a fake website designed to trick you. I was sent a link to a fake stardoll site and the only clue I had was in the address bar. Instead of I was at and my computer had automatically filled in my login information in the boxes provided. If I had not been more observant, the hacker would have gotten my login information and would have been able to steal my account. This is what they call a phishing website. These copycat websites are designed to trick users. 

Here is an example of phishing. Let's say a victim gets an email that says it is from Bank of America and it says to log in to take care of a problem. If the victim clicks the link provided, he may be taken to a fake website that looks just like the Bank of America site. But when he logs in, he sees a blank page or the same login page again. The hacker now has the victim's login information. But what if the victim does not have a Bank of America account? No problem. The email was sent to every address the hacker could get his hands on. Some of the people are going to have Bank of America accounts. Those are his targets. That is why it is called phishing. 

I have a log on my firewall. I get an attack on my computer about every 8 seconds. These attacks are probably not all from the same source. But the internet is a ugly place now. Everyone should update their firewall, virus protection and check for malware and spyware.

I am assuming that you are using a PC. I use a Mac. If you have an Apple computer, you do not need to buy a lot of extra software, (my firewall is part of my Belkin wireless home network and came with the router) but you should make sure you keep up the security updates that are provided by Apple. Whatever computer you are using, if it is running a lot slower that you think it should, you may have a problem. Purchasing a reputable security program and running it will probably take care of it.

It is best if you have someone you trust who is handy with computers to help you out, but being aware can be helpful.

Try to be safe. It's a jungle.

Saturday, June 19, 2010

Scammers at YouTube

Watch out for these scams. These are screenshots I took at YouTube. These cheats and ones like it do not work. If you go looking to cheat the system, you are going to get cheated. Stardoll is hackproof. But you are not. Tricksters and con artists say anything to get you to give them your vital information. Information that they will use not to give you stuff, but to steal from you. These YouTube videos are there because they work. The people who posted them get to steal lots of cool stuff from suckers. Don't be one of them.

I have attached a few screenshots. This is a link to the most popular scam. Go and watch it if you like, but notice at the end she asks you to email you password and username to her. If she really could hack stardoll accounts, she would not need that info. She is a liar, scammer and thief.

So are the users in the screenshots below. Tell all your friends.

Monday, May 24, 2010

Sunday, May 2, 2010

Dangerous Hacker/Scammer


Do not go to the blogspot blog set up by the stardoll called priin. which she mentions in her starblog. There is a link there that leads to a fake stardoll site.

This is what her blog looks like. But look at the bottom of the page on the left. It tells the URL address of the link. It is not for stardoll, but for starboll!

The link goes to a site that looks like stardoll. Look closely at the screenshot. The URL is not but

I clicked on a link on the page and was surprised because my browser filled in my username and password! I deleted them, closed the window, deleted my cookies, quit the browser and restarted. But that was close.

Other girls are probably being tricked by this. It looks to me like the account for priin. is being used to get victims to scam. I have asked Stardoll to please delete the account, or see if it used to belong to someone else and get it returned to the original owner.

Please let me know if you see this particular scam being posted on any other users pages. I am afraid the scammer is stealing accounts and posting this in the blogs of all the victims in order to continue to reach more victims. Leave a comment in my madmadeleine guestbook on Stardoll for the fastest response. Thanks.

Monday, April 19, 2010

Hacker warning!

You can get hacked just by going to another website outside of stardoll or by clicking a photo or link on a blog or website outside of Stardoll.

Make sure you are logged out and your cookies are cleared/deleted before visiting any other site than Stardoll.

Let us get a few terms straight. Scammers are not hackers. Scammers are con artists tricking kids into giving passwords. There are 2 ways that usually happens. This is the most common. A scammer will convince an owner of an account (we will call that person a sucker) to share her password. Scammers offer many different things, some as simple as a "make-over" of a medoll, a presentation or a room in the sucker's suite. The scammer may say she knows a "cheat" that will get the sucker free stuff superstar or stardollars. A lot of girls on this site are young and trusting. Scammers don't have to much more than lie and they can get the sucker's password and anything else they want.

All you have to do to thwart a scammer is to refuse to give your password.

Hackers are more dangerous. They use weaknesses in the website computer code to break into accounts. This is very bad.

Stardoll uses tiny snippets of programming language called cookies. When you log on, you create a cookie automatically. It contains your password information.

There are programmers who have ways to steal this cookies right off your computer! This information is widely available to hackers. Just google "cookie stealing" and you will find out exactly how to do it. It's not easy for most of us, but some people are good at computer language, and if they just follow the steps, they can steal accounts.

From what I understand, a cookie logger (that is what these hackers are called) can log in, but only if you are logged in. Then they hijack your session. They If you want to be safe, only visit other sites and blogs when you are NOT logged into stardoll. And then make sure to clear out your cookies and quit the browser. Then launch it again and log in to stardoll. I can't guarantee you will be competely safe, but you will be safer.

If you suspect that you have gone to a cookie stealing site and you were logged in, you can try this right away. If you act quickly, you may be able to minimize the damage. Log out right away. If you log out before the hijacker changes your password, you may have escaped any harm. Then clear your cookies and log back in and change your password.

Make sure you create a strong password. More about that later.

This is the story of how debbiecat4 was hacked. Please read all about it and learn how to protect yourself. It started with flattery. Someone contacted debbiecat4 and told her she loved her designs and had written about her in her blog. And to see it, all she had to do was to click a link that she provided. Debbiecat4 says it was ego that led her to click the link. But when she did, there was no blog. The web address was set up for what is called cookie stealing or cookie logging. Things got bad very fast. Debbiecat4 logged out. She didn't realize there was a problem until she tried to log back on and her password didn't work. The hacker started to take all of debbiecat4's stardollars by buying stuff using her account. While this was going on, debbiecat4 logged into her daughter’s account and started alerting friends to get help.

I went into debbiecat4's closet room. The hacker was buying a lot of stardesigned items at 60 each. I’m sure she was buying them from an account that had been set up just to have these items on sale. The money has probably passed thru many accounts to try to make the theft untraceable. But this is the way the hacker got a lot of debbiecat4’s stardollars. The hacker gots her starbucks, which is a shame. But debbiecat4 can buy and earn more. Call it an expensive lesson. But if the hacker had been able to sell her rares they might have been impossible to replace. That’s the one part where friends can help. If someone you know is being hacked, this is what you can do to help. You can make it very difficult for a hacker to strip an account of valuable and irreplaceable items.

The friends of debbiecat4 watched her bazaar, ready to pounce. If they had seen a rare on sale, they were ready to buy it right away and keep the hacker from getting it. The idea was that when debbiecat4 got her account back, her rares could be sold back to her. A whole team needs to help, because if one doll already has that particular rare, she cannot buy another. Someone who does not have it would have to step in and buy it. In this case, the hacker was busy getting the money from the account. Since there was a lot of money, that took a lot of time. The hacker did not get to start selling the rares before debbiecat4 managed to get her account back. But while the account was under the control of the hacker, the hacker sent messages by doll mail to every one of debbiecat4’s friends saying debbiecat4 needed help and asking for passwords!

No one fell for that trick. Remember, don't give your password to anyone! At least debbiecat4 was aware that she was being hacked and could use another account to let her friends know. The hacker probably changed her password right away so debbiecat4 could not log in. I have been told that the following is the best thing to if you are hacked. Send proof to stardoll support right away that the account is yours. Forwarding an email receipt will do it along with a note asking for immediate help. Put “emergency--being hacked now” or something like that in the subject line. And send it directly to by regular email.

You can also fax stardoll. Use the information at the bottom of every page at under "kids privacy policy." The fax numbers are there. Debbiecat4 got her account back within hours because she faxed proof to Stardoll that the account was hers.

---------- I found instructions on how to create a cookie logger to hack people on the web. It's a shame that people do this. I googled this and found at least a hundred websites that had the step-by-step way to do this. So this is not new or secret information. Some of the posts about this were from 2002!

I am not going to post all the insructions, just the ones about what is going to happen:
Step 6: The victim sees the image u uploaded but when he clicks the image he has a Temporary Error and you will get his/her cookie.
Step 7: To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie.
Step 8: Go to the Website whose Account you have just hacked and you will find that you are logged in as the Victim and now you can change the victim’s account information.
Note: Make sure that from Step 6 to 8 the Victim should be Online because you are actually Hijacking the Victim’s Session So if the Victim clicks on Logout you will also Logout automatically but once you have changed the password then you can again login with the new password and the victim would not be able to login.

See in the note how it says that if the victim logs out the hacker will get logged out too. That is only until the hacker is able to change your password. So if you suspect you are being hacked, log out right away! It might work and prevent the hacker from doing much damage. Then clear your cookies (you should learn how to do this and do it often,) and log in and change your password. If that works, you have just saved yourself a lot of trouble.


For this method of cookie stealing, you need to be logged into Stardoll in order for the Hacker to steal your cookie. Don't go to any other websites while you are logged into Stardoll. But keep in mind that there are also ways to steal cookies still in your browser, even when you are not logged in, so clear/delete your cookies after you log out every time to be safe.

Don’t visit any other websites or blogs while you are logged into Stardoll. Think twice before you click any link someone sends you. Do you really know the person who sent it to you? You might not want to visit websites that look like bait for unsuspecting suckers, sites that offer stardoll cheats and loopholes and other things you know don't exist. Visiting hackers websites and blogs is risky. I recommend you try to refrain from doing so. I take lots of precautions, and I use a Mac, which adds a layer of extra protection. My router also provides a firewall, another layer of protection. I noticed my firewall gets pinged more than once every 20 seconds, so I am glad it is there protecting me. If you are confident that you are fully protected, then go ahead.

BTW, the second way most people get hacked is when they use an easy-to-guess password. Hackers already have your login name. So they just read the presentation and blog. Someone says her dog is named lucky. The hacker tries logging in using lucky as the password. And a lot of the time, it works, because people use common, easily guessed passwords. Make sure to have a password that is impossible to guess. Never never give your password to anyone. Okay, maybe your mom or dad if you are a kid. Ask yourself, "Would I let this person have the keys to my car? My house? My ATM card and pin number?" True friends will never ask for your password.

While you are thinking about it, change your password. It should contain letters, numbers and something called a "special character". "Special character" refers to symbols like @#$%^&*?, basically the stuff you can type on your keyboard that is not a number or a letter. Write it down and keep it in a safe, secret place. Somewhere you will remember. I like the idea of hiding things in plain site. Write it on the top of page 50 in a particular book. And don't use consecutive numbers or the same number or letter repeated. 123pass is too easy! Try something like r@3ty1. It has numbers, letters and a "special character." BTW, no one can hack you on Stardoll. There is a rumor that girls have been hacked by accepting a friend request. That is not true. No one will be able to hack you from any of the activities you may participate in on the site.

Please contact me if you have any questions. I have been told that the comments box does not work on this blog. Sorry. Please leave a note in my medoll's guestbook.