Sep 14, 2010 13:52 GMT  ·  By

Researchers from Web and email security vendor Websense warn of a new phishing attack, which tricks users into divulging their and personal information and credit card details by promising fictitious Skype upgrade.

The rogue emails have been hitting the security company's spam traps by the thousands and bear a subject of "Download VOIP Addons for Skype Free Talks."

With a spoofed From field they appear to originate from Skype Support and the contained message informs of Skype updates being available.

Amongst the intriguing new features advertised are more free talk time via VoIP, lower costs for landline calls, better quality for call recording and a PSP (PlayStation Portable) version.

In order to download this alleged update users are instructed to click on a link, which according to the email should lead to one "Skype Updates Center."

"The URLs themselves are fairly new: the domains being used are no more than a month old," the Websense researchers write.

"As a result of this they do not appear suspect, and with enticing and legitimate-enough names, a user could easily be misled into thinking these are for a good cause," they add.

People who open the rogue URLs are taken through a series of redirects until they reach a nicely designed landing website, that employs the familiar Skype color theme.

However, when clicking the large attractive download button featured on the first page, the users are asked for their email, full name and location.

Furthermore, they have to choose one of several "membership choices" to be on their way to the so called "instant access."

This is actually paid "instant access" that requires divulging credit card details and most likely results in identity theft – so, beware.

Another trick employed by this scam's authors is using a valid SSL certificate for the connection in order to add legitimacy to the rogue website.