14 DAY TRIAL // The famous VoIP client Skype is now involved into another trouble after the outage reported last month. It seems like some of the users receive an email which recommends them to update the Skype account in order to keep it open and redirects them to a Skype-like website. Obviously, this is a phishing attack because the malicious page requires the users to login with their usernames and passwords which will be then used by the attackers. This new phishing campaign was reported by Duncan Riley from TechCrunch who wrote that "I have about $12 AUD in credit, which I suppose could be used to make calls, but it hardly seems worth the effort."
However, some people might be really affected by these fake messages if they are so naive to provide their private information. The URL link included in the mail redirects the users to a fake website that looks similar with the one owned by Skype and demands the usernames and the passwords of the visitors. This is what the email message reads:
"Dear valued Skype member: It has come to our attention that your skype account informations needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could take 5-10 minutes out of your online experience and update your personal records, you will not run into any future problems with the online service.
However, failure to update your records will result in account suspension. Please update your records on or before SEP 16, 2007."
What's more interesting is that the message was sent into a Gmail account, the Google mail technology which became famous for its powerful security filters. As Duncan Riley mentions, the email arrived in the inbox so the Google service didn't notice that it is only a phishing scam.
Just like usual, a small piece of advice: avoid visiting the URLs included in the email messages which require you to provide your username and password. In addition, check the address of the URL in the address bar of your browser to be sure that it is the official one and not a phishing attempt.