Friday, July 1st, 2011

AVG (AU/NZ) Pty Ltd, the distributor of the award-winning AVG anti-virus and Internet security software in Australia, New Zealand and South Pacific, is warning of newly emerging social engineering attacks on users of the popular Skype phone and messaging service.

Local reports are increasing of Skype users being targeted by so-called 'vishing' (or voice phishing) attacks - a new variation of e-mail-based spear phishing. This new kind of attack is particularly insidious in that it combines both voice and text to try and dupe users into thinking they are receiving legitimate calls.

While online, users are receiving automated voice messages via Skype saying their PCs have been checked for viruses, that a 'fatal virus' was found and advising them to repair the problem with a lure which is actually to a malicious web site.

The aim of the cyber criminals is to get their victims to download malicious software disguised as security updates or rogue antivirus programs onto their computers. Or to scam users into providing personal information that can be used to break into their financial, social networking and other online accounts.

Lloyd Borrett, Security Evangelist at AVG (AU/NZ), advises: "While Skype works hard to prevent these kinds of attacks, users need to be vigilant. Although many users have learnt how to spot and resist suspect e-mails and Internet chat messages, we aren't conditioned to be as wary of phone calls.

"With land lines and mobile phone calls, all contact with unwanted callers can be cut simply by hanging up. But because Skype calls are placed over an Internet connection, once the digital connection is established, it can be used as an open conduit regardless of whether you're participating in an online call or not."

Borrett's advice is to hang up immediately on the Skype call, block the user and report the user for abuse. "By reporting abuse by the user, Skype's automated systems for blocking malicious users will be updated and you'll be helping to protect the greater Skype community.

"As a general rule, don't accept calls from sources you aren't familiar with. Certainly don't follow any instructions from unknown parties, just as you wouldn't click on or visit unknown URLs, or download attachments that seem suspicious."

As a preventative measure AVG (AU/NZ) suggests changing your Skype account settings as follows:

  • Open Skype and click on the 'Skype' tab to view the drop down menu

  • Click on the 'Privacy' option and the 'Skype - Options' panel should pop-up

  • The 'Privacy settings' tab should already be open, but if not click on it

  • Click on the 'Show advanced options' button

  • Under 'Allow calls from…' click on the 'People in my Contact list only' radio button

  • Under 'Automatically receive video and screen shots from…' click on the 'People in my Contact list only' or 'No one' radio buttons

  • Under 'Show that I have video to…' click on the 'People in my Contact list only' or 'No one' radio buttons

  • Click on the 'Calls' tab

  • Click on the 'Show advanced options' button

  • Under 'Allow calls from…' click on the 'People in my Contact list only' radio button

  • Make sure the 'Answer incoming calls automatically' check box is unchecked

  • Click on the 'IM & SMS' tab

  • Click on the 'Show advanced options' button

  • Under 'Allow IMs from…' click on the 'People in my Contact list only' radio button

  • Click on the 'Save' button at the bottom right of the panel

If you give out your Skype number frequently, or it is not otherwise practical to only accept calls from known contacts, ensure the 'Answer incoming calls automatically' option is not selected, as described above, to retain the option of denying calls from suspicious sources.

AVG (AU/NZ) has a comprehensive range of security tips on its web site at http://www.avg.com.au/resources/security-tips/. For video tips from AVG (AU/NZ), see http://www.youtube.com/user/avgaunz.

Keep in touch with AVG (AU/NZ)

Contact Profile

Keywords

AVG, Internet Security, Skype, Cyber criminals, anti-virus, vishing

Categories

Sharing

More Formats