Like most people, I thought I’d seen everything in terms of phishing scams. Paypal and bank phishing emails are a regular occurrence in most people’s inboxes. Then I received this:
Why in the world would a scammer want my Skype details? I have about $12 AUD in credit, which I suppose could be used to make calls, but it hardly seems worth the effort.
Notably, Gmail did not pick the email up as being a scam.
I checked the html for the email: the alleged skype link goes to a page on cec-icmc.org that is set up to look just like a page from Skype.
A quick search on Google results in other instances of Skype scams, but I didn’t find one exactly like this. In context, I don’t use Skype Out that often and Skype occasionally sends emails telling me that I have to use Skype Out to maintain the Skype Out credit, along with my Skype In number. This phishing scam keeps to the similar theme, in that Skype legitimately does on occasion request account updates.
A word of warning to the many, many Skype users out there: don’t trust emails claiming to be sent by Skype. If you’re already smart to this: good for you.
Always do a Whois Check and Report them!!
Server Type: Apache
IP Address: 66.98.252.6 [Whois] [Reverse-Ip] [Ping] [DNS Lookup] [Traceroute]
IP Location United States – California – Altadena – Everyones Internet
Response Code: 200
Blacklist Status: Clear
Domain Status: Registered And Active Website
Registry Data
Created: 1997-11-19
Expires: 2011-11-18
Whois Server: whois.pir.org
DomainTools Exclusive
IP History: 5 changes on 4 unique name servers over 3 years.
Whois History: 2 records have been archived since 2001-06-15
Reverse IP: 100 other sites hosted on this server.
Monitor Domain: [Monitor this domain] Set Free Alerts on cec-icmc.org
Free Tool: Download DomainTools
Whois Record
Domain ID:D635571-LROR
Domain Name:CEC-ICMC.ORG
Created On:19-Nov-1997 05:00:00 UTC
Last Updated On:23-Aug-2007 15:23:40 UTC
Expiration Date:18-Nov-2011 05:00:00 UTC
Sponsoring Registrar:Network Solutions LLC (R63-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:23737783-NSI
Registrant Name:CEC-ICMC
Registrant Organization:CEC-ICMC
Registrant Street1:801 Main Street, Suite 010
Registrant Street2:
Registrant Street3:
Registrant City:Louisville
Registrant State/Province:CO
Registrant Postal Code:80027
Registrant Country:US
Registrant Phone:+1.3034992299
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:Whois Privacy and Spam Prevention by DomainTools.com
Admin ID:23737786-NSI
Admin Name:Centennial Conferences
Admin Organization:Centennial Conferences
Admin Street1:4800 Baseline Road, Suite A-11
Admin Street2:
Admin Street3:
Admin City:Boulder
Admin State/Province:CO
Admin Postal Code:80303
Admin Country:US
Admin Phone:+1.30349922
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:Whois Privacy and Spam Prevention by DomainTools.com
Tech ID:3227808-NSI
Tech Name:Dave Bicksler
Tech Organization:Strategic Analysis, Inc
Tech Street1:3601 Wilson Blvd
Tech Street2:
Tech Street3:
Tech City:Arlington
Tech State/Province:VA
Tech Postal Code:22201
Tech Country:US
Tech Phone:+1.703527541
Tech Phone Ext.:
Tech FAX:+1.703527544
Tech FAX Ext.:
Tech Email:Whois Privacy and Spam Prevention by DomainTools.com
Name Server:SAGATE1.SAINC.COM
Name Server:SAGATE2.SAINC.COM
And you really naïve enough to think that that WHOIS information is going to lead anywhere?
Good find Duncan, I am sure there are some juicy tidbits connected to your Skype account that a phisher could go to town with. If only password / username. People tend to use the same ones for all sorts of things.
I did the reverse DNS lookup on that IP, and it looks like it hosts some other unsavory sites (i.e. credit card processing that looks shady) and the “alchemy shop”. The host probably doesn’t care, but Law Enforcement might, if the WHOIS contact details aren’t completely fake.
The amazing thing is that no matter how sophisticated these jerks get in sending spam, they still can’t seem to get the writing in English part down.
“your account informations”
Maybe a regular grammer checker should be built into a spam filter.
Hi Duncan,
I was charged like 20 bucks last month from nowhere at my Paypal account.
When I disputed, they send me a mail couple of days later to tell me the conclusion of the investigation found nothing unusual. And that was it!
Plenty of Nigerian letters, Viagra pills, Photoshop for 60 USD on today’s mail.
Mario Ruiz
@ http://www.oursheet.com
Does anyone know why phishers would like your Skypes info? Can you pull money from a debit card or paypal from the account somehow? Or maybe they found a way to resell the skype call minutes? And ideas?
You don’t have to respond to a phishing attempt to get ripped off with Skype.
Someone in France gained control of my account and made 85 calls and/or SMS messages using my SkypeOut credit to someone in Morocco. Fortunately, I didn’t keep much credit online — only about 20 euros and I didn’t accept Skype’s kind offer to auto-refill my account whenever it got low else I would be a penniless pauper today.
I wrote to Skype and never got so much as a reply. I quit using that account and unlinked it from my PayPal account.
My password was not “easy” and I didn’t even use the account enough to expose myself to malicious use — or so I thought. I’m inclined to believe it was an “inside” job by someone who works at Skype but I don’t suppose I will ever know for certain what happened.
Be careful…
“Notably, Gmail did not pick the email up as being a scam.”
Gmail has anti-spam features, which are easily the best I’ve seen in any web program. Gmail also scans your email to automatically generate and deliver ads for your viewing pleasure. To my knowledge, though, they aren’t yet smart enough to identify “scams.”
BUT, what if they are, in fact, smarter than you’ve given them credit for. Isn’t it possible that Google’s “dumb” filter knew you’d want to know about this particular scam. Based on your past emails, and perhaps based on your own blogging here at Techcruch, Google MUST have known you’d think this poorly written and designed phishing email was somehow newsworthy because, hey, it’s Skype! and not Paypal or some fake bank!
You think Google’s “anti-scam” software failed. I argue only that it might have performed exactly as intended. Some might say, “Um, Google doesn’t have an anti-SCAM feature.” I say, “What if it does have an anti-scam feature hidden in there somewhere. And what if…it’s also got a blogging suggest feature? One that suggests stories when you might have thought there was no story at all.
Utterly nefarious.
what about an anti-crap blog post feature?
I work in an IT department in the UK – with about 150 people in the company. We now receive in excess of 5,000 spam emails a day! We have various spam blocking software in place (MailMarshall), but we’ve still got to check approximately 1,000 emails a day by hand to check for validity.
Spam has got to be stopped or email will end being a tool of the past, because it will just become unusable.
Skype sucks big Time. They never got me started because of some cow who said I wasn’t better than her. Plus I blogged em several times anyway cause iam like that and told pplz who complained anyway cause they said it sucks too. So Skpye sucks cow utters for a living big time.
I’ve gotten previous emails from “PayPal” that used the exact same language as this “Skype” email. I think they’re the same people.
I’m surprised that the cec-icmc.org didn’t lead to a crunchbase page
Prank Calls (#7) and Duncan: See #3. If you have someone’s user name and password, there’s a great chance you can get into a bunch of other accounts. Most people use the same password for Skype and other sites, like amazon. That’s why amazon makes you re-enter your credit card number all the time — counter-measure to the phishers.
If you think about it, this is genius from a phisher’s perspective. Most people will have their guard down because “it’s just Skype. What can someone do with my Skype account?” Their yields from Paypal phishing have probably dropped a ton, and this Skype technique will probably be pretty effective for a while.
Sucks for everyone else.
These things are pretty sophisticated. The other day I got pretending to be from the Camber of Commerce regarding some lady suing me as an executive for the company I worked for. The info was so accurate. I freaked and click on the link … yes … dumb of me. But when I saw a .exe I reacted and canceled the download.
I felt so bad … I mean … I am always so hyper aware and always looking out and that one got me. So imagine what happened with execs that are not technology oriented. Or if my assistant had actually open the email before I did.
Scary stuff
Looks this pishing site has troubles in the past.
From looking to the thumbinal at whois.sc , you can see it was hacked by Arabic people recently and they posted message in Arabic language on the home page of the site.
I dropped Skype once I found MagicJack, too many security issues (I too suspect an inside job). Just read Skype’s forums and you’ll see the stolen passoword and hacked account thing is not uncommon.
I dont mind Skype at all, I like its call quality and the rates for calling countries. I had a major issue with Skype last week. I had about $10 credit, logged in one day and saw it was $1.50, I was like dayyum…check my call history in Skype (nothing there). I then logged in my account and exported a .csv file and there I saw about a hundred calls made.
I have a very strong password (8 characters, numbers, letters and characters). I ran the installed anti-malware software I have for viruses, trojans, keyloggers, or (serious) spyware, nothing. I e-mailed Skype and I am still waiting for a reply. Its pretty crazy.
Duncan Riley outsmarts a phishing email. Story at 11.
Should add the url to phishtank.com
Seriously, why the hell is this crap on Techcrunch? Duncan, your signal to noise ratio is getting worse and worse these days.
Just use a phone people! You cheapskates unnerve me!
http://fakestev...er.blogspot.com
Thanks for the tip. Better watch out for these phishing emails.
Skype information would be useful if the user has a payment agreement setup with PayPal (so they just add credit, Skype does their thing, and the user never has to go through the steps on the PayPal site). Think that’s the reason?
The difference between a personal post and a ‘public’ post is the same as the difference between an advice and a statement
Good luck Duncan
I would say it is to get access to the paypal account. Paypal phishing are too common these days not to be picked up by decent antispam servers/applications, so i believe this is a way to circumvent this matter. Phisher are getting smarter… .That’s all.
An other thing, but this has to be checked. Since you can now install widgets on skype, maybe those guys developped one (something that records your typing, a spyware, a mail relay etc.. etc..) and they’ve just found a way to propagate their widget.
Well the only way out is by logining in your skype account and check if there is any notice. I keep getting loads and loads of messages like this for Paypal.. mostly in my spam box.. (not even indox)
I just wrote about this, but it seems either trackbacks don’t work here, or my blog is screwed (more likely I guess)
http://tech.am/...-your-contacts/
why is techcrunch covering this while ignoring some well deserved startups? Not to mention this is nothing unusual if you use email at all.
There is a report here about someone who hacked into another’s website and launched a phishing Scam from that hacked server and they were from Syria!
http://qurl.co.uk/hetx
I have just received this e-mail which is obviously a scam as it is asking for all my personal info and bank account. I just thought I should post it somewhere and hope no one falls for such a stupid trap. Unfortunatelly, I have come to discover that some people DO FALL for such.
Skype promo NEVER arrives like this. It always has the HTML graphics and to contact them they never ask you to call them PERIOD. Besides the contact e-mail, as you can see at the end is :
skypepromo2008@yahoo.com.hk
DEFINITELY NOT SKYPE! This is a free account that a hobo can get just logging in on the internet!
KEEP YOUR EYES OPEN FOR THESE FREAKS.
Skype Awards Promo 2008
From The Desk Of The Promotions Manager
International Promotions/Skype Award Center
124 Stockport Road, Longsight,
Manchester M60 2DB – United Kingdom
Please visit our website http://www.priz...ification.co.uk
for more information on our lottery program.
Reference Number: 1037231LL
This is to inform you that you have won a prize money of Five Hundred Thousand
Pounds(Ј500,000,00.) for the month of October, 2008 Prize promotion which is
organized by Skype AWARDS. The Skype collects all the email addresses of the
people that are active online,among the millions that subscribed to various
websites. Six people are selected monthly to benefit from this promotion and you
are one of the Selected Winners.
PAYMENT OF PRIZE AND CLAIM
Winners shall choose from one of the payment option stated below:
A] Bank Wire Transfer
For this option, winners must provide the below stated information:
(1) Bank Full Name:
(2) Bank Full Address (including State and Country)
(3) Bank Telephone Number
(4) Bank Account Number
(5) Name of Owner of Account
(6) Swift Code
(7) Initial Charge of Transfer (I.C.O.T) – Ј1,650 (Must be paid before
transfer of funds)
B] International Certified Cheque
For this option, winners must provide the below stated information:
(1) Your Full Name
(2) Your Complete Mailing Address
(3) A Scanned Copy of your I.D clearly showing your face. (Note that this I.D
will be required to claim your parcel when it arrives your apartment).
(4) Insurance Fee & Shipment charge of Ј1000 (Must be paid before
consignment dispatch)
All funds must be claimed no later than 14 days from date of Draw Notification.
Any prize not claimed within this period will be forfeited.Stated below are your
identification numbers:
Below you will find a Processing Form, requesting your required Particulars.
Please provide all requested information to help us processs your claim in good
time.
Skype ONLINE PROCESSING FORM
REFERENCE NUMBER:____________________________
FULL NAMES:__________________________________
ADDRESS:
_________________________________________________CITY:_________________________
STATE:__________________________________
ZIP: _____________________
PHONE:/FAX__________________________________
COUNTRY_______________________________
SEX:_______________MALE
AGE:__________________
MARITAL STATUS: ________________
OCCUPATION: ________________________
E-MAIL ADDRESS: _______________________
DEPENDING ON PAYMENT OPTION YOU CHOOSE,YOU WILL BE TOLD HOW TO MAKE THE NEEDED CHARGES AVAILABLE.
NOTE THAT IF YOU ARE NOT COMING TO OUR OFFICE IN PERSON,NO DEDUCTIONS WHATSOEVER CAN BE MADE FROM YOUR WINNINGS.
Forms Should be returned to your claim agent with details below
Send all Correspondence to Fudiciary Agent Roy Smith
Email:skypepromo2008@yahoo.com.hk
TEL:+447035931957
Call him as soon as you receive this notification
CONGRATULATIONS ONCE AGAIN!!!
Yours in service
Patricia Elsworth
(Lottery Coordinator)
Skype (paid version) is completely unsecured and there customer service is non-existent. I would even call Skype SCAM! Yes I’ve paid them $10 and never got the money credited to the account. I had to use non-receipt Paypal claim to recover my funds, and Skype even did not bother to respond.
Advice: if you have improper funds handling problem with Skype paid via PayPal then use NON-RECEIPT claim as other type of claim will be automatically denied by PayPal.
I use and will continue to use there free calls service BUT I never ever will pay them even 1 penny!
There are many reliable and trustworthy VOIP providers that will not just take your money for nothing…
Hi! I received the same email from skype. It was too late for me to realise that it is not true because I already send my personal infos to them. Am I gonna be in big trouble.