I have been trying to track down the source of some unauthorized charges to my credit card, some of which came from "Skype". Attempts to contact a reasonable person have been in vain.
Their "security" requires you to communicate via email - unencrypted, unsecured.
They initiate a Support issue via an "https" web page and do send your personal information to them via a secure link (good). However, they respond to your request by email, including all of the personal information you entered (very bad). Anyone with minimal hacking knowledge can intercept it. All communication after which must be done via email.
They call this securely protecting your personal information.
My last correspondence to them:
A simple question: do you have a (any) credit card information on, linked, associated with my account?
We would like to confirm that there is no credit card linked to Skype account xxxxxx. For us to further investigate on the issue and check if this is indeed a valid Skype charge, we suggest you send us the following information:
- First 6 and last 4 digits of credit card used to make the purchase (NOTE: Do not send full credit card number.)
- Name of cardholder written on the card.
- Issuing country of card.
- The exact dates (or order numbers) of the fraudulent charges on your credit card statement.
And they want this transmitted to them in an open email?
Where are the security folks at Skype? Out making another great security statement?
Does anyone know how to read and understand simple English questions?
The tier one support is nothing more than an automated response system inserting a phrase or two from your question. No intelligence or reading required.
If it turns out someone hacked the Skype to charge to me - one would think Skype would like to expose it, fix it if it is their problem or at least assist a user in identifying the problem so others are not hit too. That looks like wishful thinking to me.
If there is a real Skype person monitoring this forum - can you please respond. So far all I have found to my simple, basic questions are long, complex, convoluted statements of the greatness of Skype and nothing close to a real answer (and continued requests for my card information).
Someone stole my checking account number and routing number to use on their SKYPE account. I find it HORRIFYING that I cannot email this company DIRECTLY and let them know that a "customer" is stealing from me. I have used Skype only once for a free call but I NEVER gave this company my account information. I hope that an actual person sees this and contact me so that we can find out who is stealing and do something about it.
Skype, the company actually gave out information on a WikiLeaks supporter without waiting for a warrant.
Opinion, I would not save your credit card information on Skype at all. Also if Skype keeps this trend up, I am going to stop using their servies, because they are not needed.
Note that email by itself can be secure, if
- users uses SSL/STARTTLS connections when communicating with mail services (both IMAP and SMTP)
- SMTP makes use of SSL/STARTTLS when transmitting email messages
You can check the headers from Skype email response to check whether the above is true.