Skype says scam calls on a steady decline
Skype has been battling wily adversaries abusing its service
IDG News Service - Skype has been battling wily adversaries who are abusing the Internet calling application to direct people to scam websites, but the Microsoft-owned service says the sham calls are decreasing.
The automated calls feature a computer-generated voice that tells the victim to visit a specific website, which often is selling bogus security software. The scam websites have usually been live on the Internet just a few hours, Adrian Asher, Skype's chief security officer, said in a phone interview Monday.
The scammers are abusing a feature in Skype that by default allows users to receive unsolicited calls from any other Skype user. Skype considered changing the default setting, but a sampling of users polled found they didn't want it to change for convenience reasons, Asher said.
That has left Skype to undertake other technical means to stop the problem. But the peer-to-peer nature of Skype in which calls are routed from a person's computer through other Skype users' computers makes it difficult to control, Asher said. At any one time, there may be as many as 47 million people logged into Skype, which makes the small percentage of scammers hard to detect.
The type of scam has gone through a few iterations. Initially, scammers contacted victims over Skype's instant messenger, sending malicious links, but Skype controlled the problem by changing its instant messenger settings, Asher said.
The scammers also have approached people directly by sending contact requests, which Skype has also been able to control as well, in part by making it difficult for scammers to see if a person has accepted their request, Asher said.
Asher said he isn't sure how scammers are harvesting user names, but anyone with a Skype account has access to the service's user search function, which can return dozens of user names at a time.
It's also not exactly known how the automated calls are set up. Asher said he suspects the scammers are running multiple Skype clients on either real PCs or virtual machines. Skype relies in part on users to report scam calls, so the suspect accounts can be deactivated. The best way to stop the calls is to change Skype's privacy settings to only allow communications from vetted contacts.
Asher said Skype is hoping to decrease the amount of time it takes to excise those malicious users from "tens of seconds" to just a single second. Faster reaction times raise the bar for scammers, who have to adjust their tactics and inevitably increases their costs.
"It's technically complex and actually expensive for these people," Asher said. "My belief is they can't be making money off of this."
Overall, the security measures have caused the number of scam calls to fall, but there are some occasional spikes.
"Sometimes they catch us off guard," Asher said. "I'm happy we're getting to the point where we see it eradicated or it is at a very small level."
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts