Fake Update Ad Leads to Skype Malware Attack

Latest scam threats on Skype video and messaging service: Internet Scambusters #774

Most of us have used or at least know about the popular video and messaging app Skype.

But how many know how easy it is to fall victim to a Skype scam using either the service or its name?

We’ll tell you about the latest tricks in this week’s issue and where to look for more information to identify and beat them.

However, before we begin, we first encourage you to take a look at this week’s most popular articles from our other sites:

Debit Cards and ID Theft at the Gas Station: Gas station identity theft is surprisingly simple, especially when you use your debit card, so read on to find out how to avoid it.

Exercise in 3 Minutes? It’s “Microwave Exercise”! Any amount of exercise is good for you no matter how long or short you are doing it so spending 3 minutes on it shouldn’t be hard!

Your Annual Chimney Sweep Checkup: Is It Something You Can Do Yourself? Find out if using a chimney log for chimney maintenance can really replace a chimney sweep.

Popular Misconceptions and Myths About Dogs, Part I: In this special two-parter, we’ll take a look at seven of the most common dog myths, many of which are honest misconceptions that seem plausible!

Let’s get started…


Fake Update Ad Leads to Skype Malware Attack


Although there are many different computer applications for making video and audio calls, Microsoft-owned Skype is probably the biggest of them all by a considerable margin.

With an estimated 74 million registered users and 560 million who say they’ve used Skype at some point, that makes the service a tempting target for scams.

These range from simple scam messages that aim to steal sign-on details to sophisticated tricks that can upload malware onto your PC.

According to a user on the social network Reddit recently, fake ads have been popping up on Skype’s home screen claiming the user needs to download a “critical update” for a plug-in, (a linked piece of software that works with the program). In this case, the “update” is said to be for the animation software known as Flash.

Clicking on the ad downloads a program that looks like a real Flash update. But behind the scene, it installs malware that triggers a ransomware attack — locking up the PC until the user pays a ransom.

Subsequently, several other users reported similar problems, with a worrying discovery — the malware was capable of avoiding detection by anti-virus programs.

Microsoft said later that users should be cautious about opening unsolicited attachments or clicking on links from unknown sources.

This is just the latest in a stream of Skype scams that target the unwary user. Other tricks to watch out for include:

— An unsolicited message that starts a series of flirtatious online conversations. Eventually, the victim is asked to say or do something compromising, which is recorded by the scammer. This is followed by a blackmail threat to circulate the recording on Facebook.

Interestingly, although this is a long-standing trick, there seems to have been no reported instances of the scammer actually following through on the threat.

We reported on this scam in more details in an earlier issue: Crooks Use Skype Video in Dangerous Romance Scam.

— Fake job interviews. Crooks use Skype to make their job scams seem more genuine.

During the interview, the victim may be asked for personal, confidential information. Or they may be offered a non-existent job but told they have to pay for supplies or make some other type of upfront payment.

In other instances, victims are asked to download some key software that is really a nasty piece of malware.

— Phony tech support calls. As well as using landlines and cell phones, scammers have been using Skype to call victims, claiming to be support techs from Microsoft or Skype.

They say that the victim’s computer is operating slowly, affecting the Skype connection. They ask to be allowed to connect to the victim’s computer.

Once they’re on, they steal information or upload malware.

— Phishing emails claiming to be from Skype. They lead to a fake Skype sign-on page, or they tell victims they need to update their Skype software, as a prelude to installing malware.

This is quite a widespread scam, although the company doesn’t usually notify users about upgrading via email.

You can often tell whether the email is genuine by checking the sender’s address.

Find more details, including legitimate Skype email addresses, here: How do I know that an email is really from Skype?

Another fake email pretends to be from online payment processor PayPal, confirming a payment you supposedly made for a 3-month Skype subscription.

Of course, you didn’t make any such payment, So, there’s a handy button in the message for you to supposedly dispute the transaction, but it leads to a phony PayPal page, ready to steal your sign-on details.

— Spam and abusive calls. You may receive unwanted advertisements via Skype’s messaging services, or receive unwelcome video or voice calls, sometimes threatening violence.

Use Skype’s privacy settings to block these types of malicious scams. Simply alter your settings to only allow people in your contacts list to get in touch with you.

This can also be used to eliminate other unsolicited contact scams.

For more information on how to change your settings, check out: What can I do if I receive spam messages or abusive calls in Skype?

The company also has a useful guide on how to avoid downloading malware:  What is malicious code and can I download it accidentally using Skype?

Don’t let the threat of scammers spoil your usage of the Skype service. Instead, use caution when you receive a message or call from a source you don’t recognize.

Even when a message seems to come from someone you know, it’s possible their account may have been hacked — so beware of clicking on links in any messages without confirming the source.

Ask the sender, who claims to be someone you know, a security-type question that will confirm who they are.

Alert of the Week

Are you in line for a compensation payment after being pestered by a free cruise spam campaign?

The company behind the campaign has agreed to pay up to a total of $12.5 million to people who received illegal robocalls allegedly on behalf of several major cruise operators.

The compensation results from a class action lawsuit and you can find out more and whether you’re entitled to up to $900 by visiting their site.

That’s it for today — we hope you enjoy your week!