Scammers rely on social engineering to turn a profit

Sep 26, 2014 16:31 GMT

As communication technology evolves, so do the tricks used by cybercriminals, who are now targeting Skype accounts to send messages asking for money to the victim’s list of contacts.

The scam is quite simple and used to be carried out through SMS on mobile phones: a message arrives claiming to come from someone close to the victim, reporting an urgent need for money and promising an explanation after the matter is resolved.

With Skype, there are two victims: the one who makes the money transfer and the one whose account has been hijacked. Apart from this, the same pattern applies.

Distress message comes from a friend

The victim who pays the money receives the text from someone in the contact list, which makes the scam more believable.

Dmitry Bestuzhev, head of Kaspersky’s Global Research and Analysis Team (GReAT) for Latin America, experienced the scam firsthand when a friend asked him via Skype to lend him at least 100 Russian Rubles ($2 / 2.5 EUR).

“The cybercriminals stole my contact's password, probably using password stealing malware,” Bestuzhev says.

The text from the alleged friend said that he was on a trip and could not reach an ATM to get some money. “I'm on a trip right now and I can't get to a payment terminal and top up my balance. Could you please transfer 100 rubles – or even better 200 – to the number +7925XXXXXXX?” read the message.

Even penniless accounts could spell profit for crooks

Needless to say, the money is never repaid and the promised explanation regarding the kind of trouble the friend got into is not provided.

“The victim will never see that couple of hundred rubles again. The number mentioned belongs to the cybercriminals, not to the Skype account-holder. It's impossible to say how many people fall victim to this kind of social engineering fraud, but in general we know that social engineering is an effective trick for scammers,” the security researcher says.

Even if the amount asked for is small, setting up an automated service that delivers such messages en masse could turn out to be a lucrative business in the end. Obviously, the main goal is to compromise accounts with an actual balance available.

The imagination of cybercriminals seems to have no boundaries, as they keep finding new ways to put their social engineering skills to work and turn some financial profit, even if it is a small one.