Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Skype - not as secure as you might think

But now it seems the Skype client software may also be flawed, as the experts over at Secure Science have revealed the system can be used as an advanced phishing platform.

In a process known as `SkypeSkrayping', Secure Science says that users are being contacted - ostensibly by Skype HQ - via instant messaging, and offered a free $25.00 credit if they visit a site.

Of course, the site is a frame or image-infected one and - quelle surprise - the Skype user ends up being infected in response to the link in the instant message.

The bad news is that, once infected, it seems the fraudsters can gain remote access to the users' Skype account and add extra facilities which can then used by the remote user or, perhaps worse, used to phish for other victims and so tarnish the phished users' reputation.

Interestingly, Secure Science says that the phisher can also gain access to the phishee's outbound telephony calling facility.

This could be used, Infosecurity notes, to make free (to the fraudster) international phone calls via so-called spoof Caller ID services, which are normally charged a premium, and perform other scams as a result.

The good news is that Skype says it is aware of this client software flaw and is working on an update.