Hey (…), catch photo!
Wer sich via PC-Browser im Skype anmeldet, koennte von einem der Kontakte eine Textnachricht bekommen, die ungefaehr so lautet: “Hey (Skype-Name), catch photo!”. Dazu gibt es einen Link, der vertraut aussieht, letztendlich aber ganz woanders hinfuehrt und der sein eigentliches Ziel verschleiert. Niemals darauf klicken!
Mittlerweile ist das Problem bekannt. Als Loesung sollte man sein eigenes Skype-Zugangspasswort aendern, denn in der Vergangenheit sind anscheinens Listen mit Skype-Zugangsdaten gestohlen worden, die unter anderem mittlerweile von russischen Cyber-Kriminellen verwendet werden. Vorsicht ist also geboten.
Hier der Loesungsansatz im originalen Wortlaut:
“We’ve been working on the spam problem some of you have experienced. Whilst there has been no breach of the network, or malware exploit of a vulnerability, our investigations indicate that attackers are using a list of stolen usernames and their associated passwords to try and log into Skype accounts. Although most of their attempts are blocked or fail – many of the usernames they try don’t event exist as Skype usernames – a small percentage are successful.
Unfortunately, login credentials are highly valued by motivated and resourced cyber criminals whose efforts to steal them are not only a challenge for the IT industry and law enforcement, but society as a whole. Our conclusion is that this issue impacts customers who use, or have in the past used, the same username and password combination they use for Skype on other services as well, and at some time in the past have had those credentials stolen – possibly through a phishing attack or some other form of cybercriminal activity.
We started investigating the spam issue when it first appeared and have put in place measures to block the attackers and protect customers. Without giving details that would inadvertently tip off those behind the spam, I can tell you that we have implemented a number of measures to harden the spam detection and login process.
With control of a username and password an attacker won’t need your device to be switched on to send spam. The best defence is to change your Skype password. If you can’t remember your Skype password, this guide will help. If you have linked your Skype account to a Microsoft Account, or some other service like Facebook, make sure you change the password you use uniquely for Skype and allow 24 hours for it to take effect. And of course, make sure you choose a strong password. This information will help you. If you haven’t already, you might also consider adding a valid email address and phone number to your Skype profile so we can better help you recover your account should that ever be needed.
We take the security of our customers’ accounts very seriously and our vigilance is constant.” Source: Skype-Community