Monday, November 24, 2008

Broken Skype security enables Phishers

If this looks familiar, it should. Only this time, it's not PayPal's security that's broken. Instead, Skype users that use something called Pamela to manage their phone accounts should be extra careful. Customized phishing attacks aimed at your PayPal info are in the wild:

Skype users who use a piece of software dubbed Pamela to manage their online phone accounts should be on the lookout for customized phishing attacks following revelations that one of more user databases containing names and email addresses have been breached.

The attack, which took place last week, has already led to one phishing campaign that calls recipients by their real names and then tries to trick them into turning over personal information. That added personal touch could throw some users off guard because most phishing emails address their marks by generic terms such as "Dear PayPal User."

Nobody who asks for your account info via email can be trusted. Nobody. Don't ever give it via email, and don't ever give it via a web link in an email.

Instead, if you get an email saying there's a problem with your account, and if the email looks like it might be legitimate, don't click the link in the email. Instead, go directly to the web site. There will be a link for "Support" on the main page. From here, you will be able to either find the problem ("My Account" or something like that) or ask for help.

For example, has a link ("Log In") on their home page. If you get an email telling you that there's a problem with your account (trouble at the mill), handle thsi manually:

1. Open a new browser (you're using Opera for financial transactions, right?).

2. Log in.

3. There will be a notification of the problem. No notification, no problem.

No comments: