The following article discusses a recent Skype hack involving a high-ranking employee of a prominent IT company in Russia. We note this fact to explain that the victim of the hacking was fairly knowledgeable about online security.
A prominent IT professional had her Skype account hacked recently. The hackers then went through the victim’s contact list to persuade people out of hundreds of dollars. Within a single hour, the victim’s contacts had given the scammers around $1,500.
Seeing as the victim was a high-ranking employee, the hackers had access to over 300 people on her contacts list. The money requests were in small amounts, around $250, to avoid suspicion and make it easier for the scammers to achieve their goal. Another reason why the amount was so low was the maximum limit people could send through online money transfer system that is easily accessible.
The victim’s friends were told that she would pay them back the next day, and simply needed to quickly reload her account to make a time-sensitive purchase online. This was believable enough for the victim’s friends not to suspect anything, so the hackers didn’t come across any issues with them calling the victim for verification. In fact, some friends even sent the funds twice!
Here’s a conversation between the hackers (H) and one of the friends (S).
H: Hey, I need a little help.
S: What’s wrong? Tell me!
H: It’s nothing serious. I just need to borrow some money. I can pay you back tomorrow.
S: How much do you need? I can help if I have enough in my bank account.
H: Just $250.
S: That’s doable. How do I get it to you?
S: Should I send it to your account? What’s the number?
H: I actually have to pay with my account, but it’s not letting me load more money. Can you pay it for me?
S: Yeah, that’s fine. What’s the account number or whatever information I need?
H: Here (link to page).
S: It says I need the “recipient’s bank account.”
H: Hello? S!
S: Sorry, I was changing Nate’s diaper.
H: Oh okay. Here’s the account #.
S: Okay, let me just put Nate to sleep and I’ll send the money. He’s still crying a bit.
H: Sure thing. I’ll be online.
S: Okay, here’s the transfer confirmation number.
H: Oh, S… Do you think you could send me another $250? It’s all right if you can’t, but I can sent you back $500 tomorrow through my bank account with interest.
When the victim figured out what was going on, there was barely anything she could do to remedy the situation.
The victim had to speak with Skype Customer Service for days since it needed some time to go through the account activity. Once Skype did get back to her, however, all it said was that the account was hacked and she needed to reset her password. Unfortunately, the victim couldn’t use the password recovery link because the hackers had already changed the associated e-mail address. She had told Customer Service all of this, but this information was apparently overlooked.
What followed was a few days of Skype asking the victim to submit a verification form, not once, but twice. As days passed, the victim’s friends began to get impatient and the hackers were still scamming people from the contact list they hadn’t already asked. Even after requests to block the account, Skype refused to do so until the entire matter was solved.
The victim ended up filling in the entire verification form correctly except one question – When was the account created? Skype refused to give the victim back control because of this, and decided that the problem was too complicated to address any further. The only solution, or lack thereof, they had was to suggest that the victim just create a new account. What was the use? By the time Skype had given up, the hackers had obtained around $5,000 from this Skype scam.
One of the victim’s friends, on the other hand, tried to receive a refund by blocking her credit card and asking her bank for a cancellation. Since she had never used the money transfer service before, she was temporarily granted the refund and asked to file a police report. The bank required proof of a formal complaint to complete the cancellation process.
Unfortunately, it wasn’t easy getting proof from the police. When she got there, she was told to go back to the bank and bring back some other documentation. Then, when she went to her bank, it firmly stated that she first needed documents from the police. It was unfortunate that the local police department wasn’t familiar with cybercrimes, and therefore couldn’t be of much help to the friend. Finally, the friend was told by the local police to just ask the main Moscow police department for help.
Completing the transfer cancellation was proving to be difficult. Her bank would have to receive the police complaint, then spend several weeks figuring out the details. The account the friend used would be blocked, but the refund going through now seemed impossible.
The victim’s friends tried to contact the hackers directly by telling them the victim was taking action against them. However, the hackers were well-versed in their Skype scam and seemed to know perfectly well that the legal system would not be able to successfully do anything about it.
Are you protected from hackers?
In order to avoid mind-numbing situations like this, there’s only so much you can do. The best method of protecting yourself from a Skype scam like this is to make sure your accounts are secured.
Here’s a few things you can do to avoid getting hacked:
- Use a great password: It might sound obvious, but most people ignore this little tip.
- Don’t reuse passwords across numerous accounts: If you have the same password for many different accounts, you risk getting hacked that many times.
- Implement a two-step verification process, also known as two-factor authentication, for all your accounts: It might make signing in slightly longer, but you’ll be able to protect your account through SMS or e-mail verification.
- Avoid clicking on unsolicited URLs: Hackers use phishing websites to steal your information, so don’t click on any links that seem suspicious to you. Another tip is not to reply to unsolicited e-mails or private messages, especially if you don’t recognize the sender.
Do you have some other tips on how to stay protected from hackers and scammers? Share them in comments below.