Skype-Based Phishing Email Spreading over Internet
Security experts at Web and email security firm "Websense" advises about a latest phishing email which is targeting Skype users and is presently making rounds on the internet. Indeed, users are able to make voice calls on the internet with the help of this Skype software application.
It is being reported by "Websense" that the fake emails have been striking its spam traps via a large number and contain the heading as "Download VOIP Addons for Skype Free Talks."
Having a hoax 'From' option, the emails pretend to be sent from Skype Support and the included message tells about the available Skype updates.
Among the exciting latest features which are publicized in the rogue mail are most free talk time via VoIP, lesser costs for making landline calls, better call recording quality and a PSP (PlayStation Portable) version.
For downloading these claimed features users are advised to open a particular link, which as per the phishing email will direct the user to a "Skype Updates Center".
As per "Websense" security experts, the URLs are quite new, e.g. the domains that are in use are in operation for less than a month. Because of this, they don't yield any doubt and having such interesting and quite authentic names (e.g. Skype) a user can easily be tricked into believing that this is for good, according to a report published by websense.com on 13th September, 2010.
The experts added that the URLs when opened contain many redirections till it reaches the payload, where a shadow.js file that includes a malicious schedule is attached to the URL.
It is a disturbing fact that the purpose of this attack is tricking users into disclosing personal information like credit card information, name etc. as this presents the user a payment page that pretends to be a URL using SSL (Secure Sockets Layer) for secured payment, highlights the "Websense" researchers.
Regarding the maliciousness of these rogue emails, security researchers advise the users to be more alert and ask them to avoid providing any personal information such as credit card details and names in marketing emails which they receive on their inbox. Also, the netizens are instructed to install best quality Internet security software, so that such phishing emails could be detected at the very initial point.
Related article: Skype Plugs Critical Security Hole
» SPAMfighter News - 28-09-2010