Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Combined Voice and Text Based Social-Engineering Attacks Increasing on Skype

AVG UK And Ireland : 04 July, 2011  (Technical Article)
AVG is warning Skype phone users to be wary of unsolicited incoming calls and to change skype settings to prevent messages from unknown users

AVG Technologies has warned of newly emerging social engineering attacks on users of the popular Skype phone and messaging service.


Local reports are increasing of Skype users being targeted by so-called ‘vishing,’ a voice variation of e-mail-based spear phishing. This new kind of attack is particularly insidious in that it combines both voice and text to try and dupe users into thinking they are receiving legitimate calls.


Vishing plays out in the following sample scenario: While online, users receive automated voice messages via Skype saying their PCs have been checked for viruses and that a ‘fatal virus’ was found. The message then advises them to repair the problem by providing a link to a malicious web site.


The aim of the cyber criminals is to get their victims to download malicious software disguised as security updates or rogue antivirus programs onto their computers. Their ultimate goal is often to scam users into providing personal information that can be used to break into their financial, social networking and other online accounts.


Tony Anscombe, Ambassador for Free Products at AVG, advises: “While Skype works hard to prevent these kinds of attacks, users need to be vigilant. Although many users have learned how to spot and resist suspect e-mails and internet chat messages, we aren’t conditioned to be as wary of phone calls.


“With land lines and mobile phone calls, all contact with unwanted callers can be cut simply by hanging up,” Anscombe continued. “But because Skype calls are placed over an internet connection, once the digital connection is established, it can be used as an open conduit regardless of whether you’re participating in an online call or not.”


Anscombe’s advice is to hang up immediately on the Skype call, block the user and report the user for abuse. “By reporting abuse by the user, Skype's automated systems for blocking malicious users will be updated and you’ll be helping to protect the greater Skype community.


“As a general rule, don’t accept calls from sources you aren’t familiar with. Certainly don't follow any instructions from unknown parties, just as you wouldn't click on or visit unknown URLs or download suspicious-looking attachments.”


As a preventative measure, AVG suggests changing your Skype account settings as follows:


* Open Skype and click on the ‘Skype’ tab to view the drop down menu

* Click on the ‘Privacy’ option and the ‘Skype – Options’ panel should pop-up

* The ‘Privacy settings’ tab should already be open, but if not click on it

* Click on the ‘Show advanced options’ button

* Under ‘Allow calls from…’ click on the ‘People in my Contact list only’ radio button

* Under ‘Automatically receive video and screen shots from…’ click on the ‘People in my Contact list only’ or ‘No one’ radio buttons

* Under ‘Show that I have video to…’ click on the ‘People in my Contact list only’ or ‘No one’ radio buttons

* Click on the ‘Calls’ tab

* Click on the ‘Show advanced options’ button

* Under ‘Allow calls from…’ click on the ‘People in my Contact list only’ radio button

* Make sure the ‘Answer incoming calls automatically’ check box is unchecked

* Click on the ‘IM & SMS’ tab

* Click on the ‘Show advanced options’ button

* Under ‘Allow IMs from…’ click on the ‘People in my Contact list only’ radio button

* Click on the ‘Save’ button at the bottom right of the panel


If you give out your Skype number frequently, or if it is not otherwise practical to only accept calls from known contacts, ensure the ‘Answer incoming calls automatically’ option is not selected, as described above, to retain the option of denying calls from suspicious sources.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo