By using this site you agree to the use of cookies for analytics, personalised content and ads. Read more

Spoofed message from contact

SOLVED
Go to Solution
Tourist

I received a message earlier today from a friend on my contact list whom I don't normally have Skype conversations with.  Content was (I've modified the URL slightly)

Hi! ht tp://goo.gl/8289Yj

 

The link resolves to a Russian/.ru site so I immediately knew I had been duped and closed the window before the page loaded.

 

He checked his Skype account and didn't see any activity and he also checked the MSA his Skype account is associated with (via http://account.live.com > Security > Recent Activity) did see any suspicious activity.

 

So it appears his account has been spoofed on Skype.  How is this even technically possible?

See more topics labeled with:

Message 1 of 1,079 (113,803 Views)
1 Accepted Solution

Accepted Solutions
Community Manager
Solution
Accepted by Claudius (Community Manager)
‎28-08-2015 11:00

We’ve been working on the spam problem some of you have experienced. Whilst there has been no breach of the network, or malware exploit of a vulnerability, our investigations indicate that attackers are using a list of stolen usernames and their associated passwords to try and log into Skype accounts. Although most of their attempts are blocked or fail – many of the usernames they try don’t event exist as Skype usernames – a small percentage are successful.

 

Unfortunately, login credentials are highly valued by motivated and resourced cyber criminals whose efforts to steal them are not only a challenge for the IT industry and law enforcement, but society as a whole. Our conclusion is that this issue impacts customers who use, or have in the past used, the same username and password combination they use for Skype on other services as well, and at some time in the past have had those credentials stolen – possibly through a phishing attack or some other form of cybercriminal activity.

 

We started investigating the spam issue when it first appeared and have put in place measures to block the attackers and protect customers. Without giving details that would inadvertently tip off those behind the spam, I can tell you that we have implemented a number of measures to harden the spam detection and login process.

 

With control of a username and password an attacker won’t need your device to be switched on to send spam. The best defence is to change your Skype password. If you can’t remember your Skype password, this guide will help. If you have linked your Skype account to a Microsoft Account, or some other service like Facebook, make sure you change the password you use uniquely for Skype and allow 24 hours for it to take effect. And of course, make sure you choose a strong password. This information will help you. If you haven’t already, you might also consider adding a valid email address and phone number to your Skype profile so we can better help you recover your account should that ever be needed.

 

We take the security of our customers’ accounts very seriously and our vigilance is constant. More advice on how to help keep your Skype account secure can be found here.

 

[Edited on July 29th to highlight information about linked accounts.]


Found a helpful message? Give it a Kudo below to say "thanks" ¦ Latest Community News
Did my reply answer your question? Accept it as a solution to help others, Thanks.

View solution in original post

Message 313 of 1,079 (47,802 Views)
1,078 Replies
Novel Adventurer

My friend just got the exact same thing... Antivirus are actually running, but nothing for now... Does someone have an idea about that ? Is it a random new virus, a skype issue... ? Is it safe to use that computer as usual after that ?

Message 2 of 1,079 (113,769 Views)
Casual Adventurer

My account sent out the same message OP describes. The message was sent at 2345 UTC on 01-07-2015 to all contacts.

As a precaution, I changed my Skype password on a different machine. I also checked whether anything strange was accessing the API, but this did not appear to be the case.

I viewed the recent activity in the MSA my Skype account is associated with, as per OP. I found several instances where the password was entered incorrectly (the password for my Skype account and MSA are different), traced to my IP address using Internet Explorer (which I do not use). I have since unlinked my MSA.

Please advise. Thank you very much in advance.

Message 3 of 1,079 (113,744 Views)
Casual Adventurer
I also just had my account just send out this link, my computer hasn't even been running for the past 3 days which means this is an external thing. Is it possible skype themselves have been compromised?
Message 4 of 1,079 (113,719 Views)
Casual Adventurer

I'd like to clarify the question previously posted.

"Is it possible skype themselves have been compromised?"

The likelihood of this is very slim. Their databases are quite secure. I'd rather like to suggest a few more probable causes.

  • Most Likely: The compromised account was phished. Most hackers don't use phished information immediatly, as it would be too obvious. They tend to wait until their victims are likely to forget their sketchy site.
  • Likely: Social Engineering with Skype Support. It is possible to hijack accounts by tricking humans. Unlike machines, humans make mistakes; making mistakes is what makes us who we are. Have the victim check his emails related to Skype Support. If this is what happend, they are likely to have sent a copy of the ticket to their email.
  • Very Unlikely: A vulneribility has been found allowing a user to create an account using illegal characters. When the machine processes those illegal characters (depending on how they process and encode characters serverside) it removes the characters and allows the user to spoof the account.

I hope that clears some things up. Good luck to you all, and have a nice day!

Thanks,

Cryo

 

Message 5 of 1,079 (113,708 Views)
Casual Adventurer
And yet I highly doubt that I have been phished, so please, tell me how I myself could have been compromised? Keeping in mind that I always type in "skype.com" if I am going to this site and have no viruses on any device.
Message 6 of 1,079 (113,697 Views)
Casual Adventurer
Sorry if my comments come across as rude, but that is what happens when you get woken up at 0330 about viruses and stuff....
Message 7 of 1,079 (113,696 Views)
Tourist

I just got hit by this as well and I'm spending the day apologising to everyone who the automated message was sent to. What sucks is this was my work account. Luckily everyone has been understanding, as I don't ever do anything like that.

Message 8 of 1,079 (113,683 Views)
Casual Adventurer
I just finished sending

Unfortunately the client you are about to tell/have told that they have been infected by a virus, hasn't been infected by a virus, as a lot of other clients have also had their accounts breached tonight. Messages relevant to this will be ignored.

To everyone... All 83 contacts... On my phone...
Least your people are understanding XD
Message 9 of 1,079 (113,671 Views)
Novel Adventurer

Hi there.

 

This morning (2015-07-02 8:39~8:41 CET) my account sent a SPAM message to every one of my contacts.

Message was really short:

Hi! [goog.gl shortened link]

 

I would like to discover:

Are my devices sending this messages? (have been compromised) in this case which one(s)?

Has been my password been compromised? (anyway already changed) or they gained access to the account trough different way.

 

It will be really useful to have a log of connections for this cases (IP time etc)

 

Will be great if you can help me to fix/avoid this situation.

 

Best,

Message 10 of 1,079 (113,627 Views)