Skype Phishing Scheme Can Steal Your Account Info

A new phishing scheme tricks Skype users into giving up passwords

If you're using video conferencing, you need to think twice before clicking links in emails that appear to come from Skype and other service providers. They could be phishing attacks.

Skype or WhatsApp?
Skype or WhatsApp?.

Hackers are trying to take advantage of the millions of people forced, because of the COVID-19 pandemic, to work from home and, for the first time, use video conferencing apps like Skype. The attackers crafted a phish email that can trick you into giving up your Skype password.

The details: Security site Cofense detailed a phishing email that tells recipients that they have "pending notifications" from Skype (which is owned by Microsoft).

Why is it so dangerous? Apparently, the link in the email takes you to a secure site ("HTTPS"), which could trick Skype users into trusting the link. In addition, the site auto-fills the user's name. If you follow those links in the email and fill in your password, you will be handing over your credentials to an attacker and, essentially, giving them control of your Skype account.

How to tell the difference: A closer look at the email sender reveals that, while it initially looks like it comes from a Skype user, it's actually a spoofed account. According to Microsoft, emails from Skype typically end in:

  • @emails.skype.com
  • @email.skype.com
  • @skype.delivery.net
  • @notifications.skype.com
  • @alerts.skype.com
  • @skype.net
  • @css.one.microsoft.com

If you do happen to click the phish link, check the URL. Note that it has a ".app" domain. If you close the link before entering your information, you should be safe.

Bottom line: Many of us are trying out new technology to stay connected to work and family. Hackers know that this may be unfamiliar territory for many and are trying to take advantage of that inexperience. Enjoy your new tools, but keep your guard up and do not click on links or fill in unfamiliar online forms with personal information.

Via: Tom's Guide

Learn More About Skype