Skip to main content

Skype Phishing from ONLINE HELP

It seems that many users are receiving Phishing phone calls through Skype from a profile called 'ONLINE HELP'. This call, if answered, plays a recorded message telling the user that their computer is not protected and that they must go to visit www.hosog.com. If you do visit this site, it is riddled with malware. This is a phishing scam!

The user account that I have observed is drationlinehelpgb and shows as being registered in the US, but seems to have been taken down now. However, others have reported a user account of drajizonlinehelp, which appears to be registered in Afghanistan. This one is still live at the time of writing and is using the same 'ONLINE HELP' profile name. It would appear that new accounts are being created as the old ones are blocked by people and reported for abuse to Skype.

It is slightly worrying the number of people who are reporting having answered this call. If you receive any unsolicited calls through Skype from users outside your contacts, don't answer them. Indeed you should actually change your privacy settings in Skype if you haven't already. Choose the Privacy... menu item in the Skype menu to open up the Privacy settings tab in the Options dialog. Make sure that all the options are set to people in my Contact list only. I suggest that you also don't share your online status on the Web. You shouldn't now receive calls out of the blue from scammers.

The problem is that people are becoming trained into accepting connections in social media sites and it spills out into their other online activities. People still think that SPAM and phishing scams only happen over email. Actually, people are usually fairly vigilant with their email, so it is more likely to be successful if they try other avenues. Sophos did an experiment at the end of 2009 where they created two fictitious Facebook users, one with a profile picture of a rubber duck. They had thousands of people sign up to 'friend' them. How carefully do users check links from their 'friends'? It opens up a very good channel for SPAM and phishing attacks. As a general rule of thumb don't connect or share details with anyone you don't personally know through social media, voip, email, etc. Also, if you use these media channels a lot, you should think about investing in a security product to help protect you.

Comments

Popular Posts

You say it's 'Security Best Practice' - prove it!

Over the last few weeks I have had many conversations and even attended presentations where people talk about 'Security Best Practices' and how we should all follow them. However, 'Best Practice' is just another way of saying 'What everyone else does!' OK, so if everyone else does it and it's the right thing to do, you should be able to prove it. The trouble is that nobody ever measures best practice - why would you? If everyone's doing it, it must be right.

Well, I don't agree with this sentiment. Don't get me wrong, many of the so-called best practices are good for most organisations, but blindly following them without thought for your specific business could cause as many problems as you solve. I see best practice like buying an off-the-peg suit - it will fit most people acceptably well if they are a fairly 'normal' size and shape. However, it will never fit as well as a tailored suit and isn't an option for those of us who are ou…

Coventry Building Society Grid Card

Coventry Building Society have recently introduced the Grid Card as a simple form of 2-factor authentication. It replaces memorable words in the login process. Now the idea is that you require something you know (i.e. your password) and something you have (i.e. the Grid Card) to log in - 2 things = 2 factors. For more about authentication see this post.

How does it work? Very simply is the answer. During the log in process, you will be asked to enter the digits at 3 co-ordinates. For example: c3, d2 and j5 would mean that you enter 5, 6 and 3 (this is the example Coventry give). Is this better than a secret word? Yes, is the short answer. How many people will choose a memorable word that someone close to them could guess? Remember, that this isn't a password as such, it is expected to be a word and a word that means something to the user. The problem is that users cannot remember lots of passwords, so remembering two would be difficult. Also, having two passwords isn't really…

Security is a mindset not a technology

I often get asked what I look for when hiring security professionals and my answer is usually that I want the right attitude first and foremost - knowledge is easy to gain and those that just collect pieces of paper should maybe think about gaining experience rather than yet more acronyms. However, it's difficult to get someone to change their mindset, so the right attitude is very important. But what is the right attitude?


Firstly, security professionals differ from developers and IT engineers in their outlook and approach, so shouldn't be lumped in with them, in my opinion. The mindset of a security professional is constantly thinking about what could go wrong (something that tends to spill over into my personal life as well, much to the annoyance of my wife). Contrast this with the mindset of a developer who is being measured on their delivery of new features. Most developers, or IT engineers, are looking at whether what they have delivered satisfies the requirements from t…