User accounts start sending malicious links on Skype

Jul 20, 2015 08:46 GMT  ·  By

A number of Skype accounts have recently been spoofed and started sending links to all contacts out of nowhere, several users are complaining on the official forums, calling for Microsoft to step in and provide a solution to make sure that their accounts are perfectly secure.

The first reports were posted online approximately three weeks ago, when users reported on the official Skype forums that they started receiving messages from their contacts with links included. Others confirmed that their accounts also sent such messages all by themselves.

“My account sent out the same message OP describes. The message was sent at 2345 UTC on 01-07-2015 to all contacts. As a precaution, I changed my Skype password on a different machine. I also checked whether anything strange was accessing the API, but this did not appear to be the case,” one user explained 3 weeks ago.

Reset your password

Microsoft has already acknowledged the reports and has said that it’s investigating the issue, but surprisingly, no workaround has been provided in these three weeks since the first complaints reached the web.

Instead, the company stresses that users who notice unusual activity of their accounts should reset their passwords, as they most likely got spoofed.

“Our engineers are still looking into this. Meanwhile we'd recommend everyone to change their account passwords for all your Skype related accounts, i.e. also update your Microsoft account password if you linked that to your Skype account,” a company rep says.

The links included in the spoofed messages are getting users to a Russian website that attempts to trick people into downloading files that could be infected, so if you’re getting this kind of message these days, it’s better to avoid clicking it by any means.

Antivirus applications don’t seem to detect any unusual activity with these incoming messages, so it’s still hard to tell how exactly all these accounts got spoofed. Microsoft is expected to provide more information very soon, so we’ll keep you posted to let you know what exactly happened and how to protect your account.