SAN JOSE, Calif.--(BUSINESS WIRE)--AVG Technologies, a leading provider of internet and mobile security, today warned of newly emerging social engineering attacks on users of the popular Skype phone and messaging service.
Local reports are increasing of Skype users being targeted by so-called ‘vishing,’ a voice variation of e-mail-based spear phishing. This new kind of attack is particularly insidious in that it combines both voice and text to try and dupe users into thinking they are receiving legitimate calls.
Vishing plays out in the following sample scenario: While online, users receive automated voice messages via Skype saying their PCs have been checked for viruses and that a ‘fatal virus’ was found. The message then advises them to repair the problem by providing a link to a malicious web site.
The aim of the cyber criminals is to get their victims to download malicious software disguised as security updates or rogue antivirus programs onto their computers. Their ultimate goal is often to scam users into providing personal information that can be used to break into their financial, social networking and other online accounts.
Tony Anscombe, Ambassador for Free Products at AVG, advises: “While Skype works hard to prevent these kinds of attacks, users need to be vigilant. Although many users have learned how to spot and resist suspect e-mails and internet chat messages, we aren’t conditioned to be as wary of phone calls.
“With land lines and mobile phone calls, all contact with unwanted callers can be cut simply by hanging up,” Anscombe continued. “But because Skype calls are placed over an internet connection, once the digital connection is established, it can be used as an open conduit regardless of whether you’re participating in an online call or not.”
Anscombe’s advice is to hang up immediately on the Skype call, block the user and report the user for abuse. “By reporting abuse by the user, Skype's automated systems for blocking malicious users will be updated and you’ll be helping to protect the greater Skype community.
“As a general rule, don’t accept calls from sources you aren’t familiar with. Certainly don't follow any instructions from unknown parties, just as you wouldn't click on or visit unknown URLs or download suspicious-looking attachments.”
As a preventative measure, AVG suggests changing your Skype account settings as follows:
- Open Skype and click on the ‘Skype’ tab to view the drop down menu
- Click on the ‘Privacy’ option and the ‘Skype – Options’ panel should pop-up
- The ‘Privacy settings’ tab should already be open, but if not click on it
- Click on the ‘Show advanced options’ button
- Under ‘Allow calls from…’ click on the ‘People in my Contact list only’ radio button
- Under ‘Automatically receive video and screen shots from…’ click on the ‘People in my Contact list only’ or ‘No one’ radio buttons
- Under ‘Show that I have video to…’ click on the ‘People in my Contact list only’ or ‘No one’ radio buttons
- Click on the ‘Calls’ tab
- Click on the ‘Show advanced options’ button
- Under ‘Allow calls from…’ click on the ‘People in my Contact list only’ radio button
- Make sure the ‘Answer incoming calls automatically’ check box is unchecked
- Click on the ‘IM & SMS’ tab
- Click on the ‘Show advanced options’ button
- Under ‘Allow IMs from…’ click on the ‘People in my Contact list only’ radio button
- Click on the ‘Save’ button at the bottom right of the panel
If you give out your Skype number frequently, or if it is not otherwise practical to only accept calls from known contacts, ensure the ‘Answer incoming calls automatically’ option is not selected, as described above, to retain the option of denying calls from suspicious sources.
AVG has a comprehensive range of security tips on its web site at http://www.avg.com.au/resources/security-tips/.
About AVG
www.avg.com
AVG is a global security software maker protecting more than 110 million consumers and small businesses in 170 countries from the ever-growing incidence of Web threats, viruses, spam, cyber-scams and hackers on the internet. AVG has nearly two decades of experience in combating cyber crime and one of the most advanced laboratories for detecting, pre-empting and combating Web-borne threats from around the world. Its free, downloadable software allows novice users to have basic antivirus protection and then easily upgrade to greater levels of safety and defense when they are ready. AVG has nearly 6,000 resellers, partners and distributors globally including Amazon.com, CNET, Ingram Micro, Play.com, Wal-Mart, and Yahoo!
Keep in touch with AVG
- For breaking news, follow AVG on Twitter at www.twitter.com/officialAVGnews
- For security trends analysis, follow AVG blogs at http://blogs.avg.com
- Join our Facebook community at www.facebook.com/AVGfree
- Join our LinkedIn community LinkedIn