Swindle or Urban Legend?

Today I received a group notice containing the following:

IMPORTANT WARNING: to all members . It is communicated that a serious swindle is in course on Second Life: an invitation with a link is received, if we accept it the avatar is stolen . The persons who take possession of the avatar obviously take possession of all the powers and also of the data of the credit card. The name to watch for is : Cora Lewsey, who joins groups at random. She just sent the link to over 20 groups thru chat then quit the groups.
We have closed the group to new members.

I get a lot of email in RL, and quite often these types of warnings fly by and most (if not all) of the time they are fake. Not that the sender is attempting mayhem, as they could have been fooled by the message.

Now the same type of warning arrives in Second Life. Is it real? Is it fake? Internet searches reveal nothing about the accused avatar. Could this actually happen? In my opinion, I suspect there is a very slight chance this could technically work. The perp IMs URLs to a web site that takes advantage of a security hole, perhaps similar to the Internet Explorer hole that was fixed by Linden Lab a few weeks ago. If I recall, the hole enabled a perp to capture your Second Life ID and password, which of course could then be used to do the bad things mentioned above.

I am not closing down my group at this time, since I suspect this is not real. However, the best approach is simply to not visit URLs if you are not sure about their validity and safety. Especially so if they are thrust upon you without request. This goes for both Second and First Life!