Skype users: Beware of new voice and text attacks


AVG Technologies, a provider of internet and mobile
security, warned of newly emerging social engineering attacks on users of the
popular Skype phone and messaging service.


Local reports are increasing of Skype
users being targeted by so-called ‘vishing,’ a voice variation of e-mail-based
spear phishing. This new kind of attack is particularly insidious in that it
combines both voice and text to try and dupe users into thinking they are
receiving legitimate calls.


Vishing plays out in the following sample scenario: While online, users receive
automated voice messages via Skype saying their PCs have been checked for
viruses and that a ‘fatal virus’ was found. The message then advises them to
repair the problem by providing a link to a malicious web site.


The aim of the cyber criminals is to get their victims to
download malicious software disguised as security updates or rogue antivirus
programs onto their computers. Their ultimate goal is often to scam users into
providing personal information that can be used to break into their financial,
social networking and other online accounts.


While Skype works hard to prevent these kinds of
attacks, users need to be vigilant. Although many users have learned how to
spot and resist suspect e-mails and internet chat messages, we aren’t
conditioned to be as wary of phone calls,” said Tony Anscombe, ambassador, Free
Products, AVG.


With land lines and mobile phone calls, all contact with
unwanted callers can be cut simply by hanging up.But because Skype calls are placed
over an internet connection, once the digital connection is established, it can
be used as an open conduit regardless of whether you’re participating in an
online call or not,” Anscombe added.


Anscombe’s advice is to hang up immediately on the Skype
call, block the user and report the user for abuse. By reporting abuse by the
user, Skype’s automated systems for blocking malicious users will be updated
and you’ll be helping to protect the greater Skype community.


As a general rule, don’t accept calls from sources you
aren’t familiar with. Certainly don’t follow any instructions from unknown
parties, just as you wouldn’t click on or visit unknown URLs or download
suspicious-looking attachments.


If you give out your Skype number frequently, or if it is
not otherwise practical to only accept calls from known contacts, ensure the ‘Answer incoming calls automatically’ option is not selected, as described
above, to retain the option of denying calls from suspicious sources.


By Team
[email protected]