Security Corner

Aug 25 2010   1:18AM GMT

Skype Phishing Attempts and Account Hacking – Part 2



Posted by: Ken Harthun
Tags:
Hacking
Identity Theft
Security
Security practice
Skype

The news today is not good for many of those who have had their Skype accounts hacked. As part of my investigation in one wave of Skype phishing attempts, which I detailed in Skype Phishing Attempts and Account Hacking – Part 1, I attempted to recover a Skype ID. I was not successful for the test account (thanks again to my friend Allen D. for his help). Apparently, if you have never bought any credits from Skype–in essence, making you a “free” member–they don’t extend to you the ability to recover your password. So, if you get hacked, the hacker pwns your Skype ID forever. Not good, especially if you have used your real name (many people use IDs like mine: ken.harthun1). Fortunately, since I use Skype credits for regular calling, I have full access to the recovery features. I subscribe to the plan that allows me unlimited calls to regular phones in the U.S. and Canada. This costs $8.40 quarterly. I consider that cheap insurance.

Besides purchasing something at least once from Skype, there are other steps you must take for maximum security and “recoverability.” Here they are.

1. Sign up for a Gmail account and secure it with at least a 10-character RANDOM password. I’m talking like gtJ62kl9xL or something similar. Yes, you really need to do that.

2. Use the Gmail account to sign up for your Skype account and then don’t use it for anything else.

3. Use a 10-character RANDOM password when you sign up for your Skype accounts.

4. Use something other than your real name for your PUBLIC Skype ID; i.e., don’t use joe.blow, use jblow2341 or something of the sort. You can set up a second PRIVATE Skype ID with your real name.

5. Use the PUBLIC Skype ID for rooms, forums and chat; reserve the PRIVATE Skype ID for trusted contacts only.

6. If you have a PayPal account and don’t already have the PayPal Security Key, get one immediatley. The PayPal Security Key creates random temporary security codes that help safeguard your PayPal account when you log in. If a hacker ever gets your PayPal information, they won’t be able to log in without the security key. This is important if you plan to use PayPal for purchasing any credits on Skype.

7. For both your PUBLIC and PRIVATE Skype IDs, immediately purchase Skype credits or subscribe to a calling plan so you have a purchase record/history with Skype. Use PayPal or a credit card. The reason you want to do this is so that you have information that identifies you without a doubt–information that the hacker won’t have. You don’t have to make ongoing purchases, just a one-time purchase.

8. As soon as the purchase has been completed, immediately delete your stored payment details under the Settings and Extras section in each account. This prevents a hacker from getting any sensitive information.

If you do these things, you will have a verifiable identity with Skype because you will have information that only you know. If your account is ever hacked, you will be able to provide this information to verify your identity and reset your password; otherwise, you’re at the mercy of Skype’s support to recover your identity and you may or may not be able to do that. In any event, it will be an ordeal.

One more thing: Never click on any link anyone sends you asking you to log into Skype. This is especially true for one that does not begin with https:// and end with skype.com. Anything else is suspect.

Questions welcome here, or via Skype @ken.harthun1.

Be safe.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: