Fake E-mails Masquerading as VoIP Service, Skype Circulating
MX Lab warns of scam e-mails posing as messages from well-known Voice-over-IP (VoIP) service Skype Communications that inform recipients they have got one fresh Skype message.
Bearing the header "You received a new message from Skype voicemail service," the scam e-mail states that being automated; the message requires no answer. It's a voice message alert that there's one fresh message for the recipient from Skype.
The e-mail further gives the so-called Skype-based call's details, including its time as well as length.
It as well tells that in case of difficulty continuing for the e-mail recipient in restoring his Skype Name, he may communicate with support agent through the URL link https://support.skype.com/support_request.
The e-mail tries to sound legitimate so the scammers write that users must safeguard their password as employees at Skype won't ever request for subscribers' password over electronic mail. If at all the password is requested it'll be while logging into Skype else onto the service's website during any account check or purchase done. The logging-in will always be through secure connection. Therefore, subscribers must make sure their Web-browser shows the URL as https://secure.skype.com. The browser must also display one small padlock, an indication for secure connection.
The e-mail then calls on to be wary of e-mails which ask for urgent action else A/C details. URLs having unusual addresses alternatively websites which present unauthorized Skype downloads must be carefully handled. For accessing product upgrades or security updates, subscribers can utilize their upgrade utility or access http://www.skype.com, the e-mail suggests.
But, although the web-links in the fake e-mail lead onto Skype's original site, the included attachment presented in a zipped format conceals one dual extension file labeled .wav.exe, which is tainted with malware, explains MX Lab researchers.
This malware is a variant of ZeuS Trojan, the banker malware which seizes sensitive info saved on the infected computers.
Hence, incase anyone receives the above mentioned e-mail or a similar one, he must delete it instantly. In case one has already been victimized with the attack then he should routinely run up-to-date AV software to scan his PC, the security company concludes.
» SPAMfighter News - 09-12-2013