Skype fraud/security problem; this affects everybody with a Skype account
83I've been the victim of fraud through no fault of my own - it could happen to anybody with an e mail account
Following a totally unexpected problem with my Skype account as a result of fraud, my account was blocked by Skype. I have not received a resulution of the problem which was caused by a major problem with Skype's business account protocol, rather than any lapse of security on my part.
Skype is an internet telephone system or VOIP (Voice over internet protocol). It is possible to talk through Skype to another person with similar software installed at no cost. It is also possible to telephone landlines and cell phones in most world countries by buying credit (known as "Skypeout"). This has become popular in Europe where phone calls tend not to be as cheap as other places.
Chargeback alert
I have had a Skype account for over two years, and it has been very useful. They have improved line quality, and the annoying line echo is becoming a thing of the past. However, I had a shock on 21 January 2008 when I received an e mail from Skype to say that my account had been blocked, due to PayPal "chargeback", in other words, a problem payment.
Initially, I thought that a recent PayPal payment to Skype had been problematic, but checked and it was fine. Following a web search, I posted a message on Skype's forum board. I got a swift response from one of their moderators, a Mr Musgrave, who could not have been more helpful. His colleague Paraveterinary was also extremely supportive and promised to nudge Skype's Customer Services (CS) to contact me.
Skype summary
It's completely fake - and no relation to any business named Yonex
Meet the fraudsters
Skype CS finally admit to a major security problem
Credit remaining on 6 February 2008
Skype fraud section finally manage to block the fraudsters
- Skype account page
This is the secure way to access your Skype account, or you can log in through the next link. If a fraudulent business account has been established, you will see it listed once you log in.
How to use Skype
Wireless security - how to prevent being hacked in the open
Online safety - passwords
How the fraud took place without my knowledge
Eventually, someone from CS mailed me, providing a lot of suggestions for security practices which I already did. The possibility that it was not my problem, but that of Skype's then began to occur and I mailed them requesting details of the fraud dates and, crucially, whether it was necessary for the administrator of a business account to receive a confirmation e mail. Another message from CS informed me that they would not refund money as a result of fraud, since "every user has to take care of his/her security systems on private computers". An ironic statement as it would later transpire.
Account eventually unblocked by Skype
Although I received no answer to my requests, my account was unblocked by 24 January and I was able to change my password and access the business account to check details (see pictures). To my great surprise I discovered that I was now the "administrator" of a business account under the name of "Yonex Co. Uk". This was a shock and even more of a surprise to discover that three names had been "assigned" to the account - a "james board" (but using my Skype id), a "nicky1982nl" and "vandehiu". Even worse, these people had managed to extract €250 euro and begun to use it before the payment was stopped by Skype. The money, as I soon discovered, did not come from my PayPal account (I will explain why later).
Fraudsters' fictitious company details
There were UK VAT and company numbers provided; a quick web check proved they were fictitious. My first reaction was that someone had hacked into my Skype account and somehow accessed my password. Worse still, I used the same password for various accounts such as my e mail account and then took the next five hours to change all my passwords. However, there was no sign that any of my other mail accounts had been opened and, crucially, I use a different e mail address for my PayPal account. I am very careful with passwords; they are a combination of non-English words and numbers. Furthermore, I use three firewalls - one on the modem-router, another on my Airport Extreme wireless service (closed, password-protected network) and a third on my desktop and laptop, and rarely use public machines. I'm not suggesting that I am immune from hackers; my account ticks all the boxes in this respect. Since I use Apple Macintosh's OS X, I can't load malicious .exe files and trojan horses.
Account blocked again by Skype
I condensed all the fraudsters' details and mailed it to Customer Services on 25 January and, again, requested details concerning the confirmation e mail for business accounts. I also stated that the fraudsters' accounts were presumably blocked by this stage. By the Monday of the next week I had received no response to the confirmation e mail issue but, to my great annoyance, my Skype account was blocked again for the same reason - "chargeback". This time I also received a message concerning the payment - it was the same fraudulent attempt from 21 January. I am still mystified as to why I was blocked twice, when they knew I had not attempted fraud.
On 30 January 2008 CS mailed to admit the crucial detail - and I quote - "It does not require a confirmation email, when setting up a Skype business account, but the system uses notification emails, when orders are placed." For a company who takes security "very seriously" and places the onus on their users, it is an incredible failure to allow any user to nominate someone else's e mail address as the administrator without requiring any type of verification. On the same day they unblocked my account for a second time.
Two weeks later and Skype had not yet blocked the fraudsters
Since I was fast loosing confidence in Skype's Fraud and CS sections, I checked the accounts of the two fraudsters on 6 February (I should note that I can't access their personal details or transactions, since they are password protected). To my astonishment, the initial amounts of €200 and €50 euro had dwindled to €19.47 and €50.80 suggesting that their accounts had not been yet blocked and they had been allowed to use €179.73 since I reported the fraud. I mailed Paravetinary asking her to instruct Fraud to at least block the fraudsters account on 6 February and this was eventually done by 9 February. To date nobody from Skype's Fraud section has contacted me.
To repeat my main issue, at present anybody's e mail address can be used to set up a Skype business account without confirmation, a recipe for fraud and abuse.
- Skype home page
Home page for Skype, offering various VOIP services including free computer-to-computer calls. You can also establish a new account, buy Skype credit and download the Skype application. They also sell related hardware such as the Skype phone and head
- Skype Support
This is the official start point for help. Provide as much detail as possible, use full English (ie., don't use txt language), provide details of your operating system is relevant. You will receive a 'ticket' reference when you post your request.
- Skype's forum board
I'm not sure whether the moderators are voluntary or professional, but they are extremely helpful. Always remain polite and objective - they are not responsible for Skype policy and can only advise or forward your complaints or criticism to Skype CS.
- PayPal
You can use PayPal for a variety of web purchases, particularly eBay and Skype. Always ensure you use different e mails and passwords to your other crucial accounts.
- Some easy-to-adopt security tips for computing and banking
As the title suggested, these are my tips for better internet and (physical) banking protocol. At least you should periodically review your security - and try and adopt something from these tips.
What can you do?
To repeat my main issue, at present anybody's e mail address can be used to set up a Skype business account without confirmation, a recipe for fraud and abuse.
I suggest the following:
- add a business account yourself. It is a free service and allows you more control.
- monitor your Skype account via the web for suspicious activity [link below]
- ensure you use different e mail addresses for Skype and linked accounts (ie., PayPal)
- ensure you use different passwords for these accounts
- If you feel strongly about this, you could mail Skype CS to express your concern that a business account may be established with a verification e mail from its administrator [csl2@skype.net]
For more tips please check my "Easy security tips" hub.
CSO - Security information and risk management
- Skype crashes when skype4pidgin uses skype's API
I recently discovered skype4pidgin — pidgin plugin which allows to control skype chats via pidgin interface using skype API. But now skype crashes about every day. Here's the error I see in console after that: CODE*** glibc detected *** skype: munmap_chunk(): invalid pointer: 0x0b7d4b68 ****** glibc detected *** skype: malloc(): memory corruption (fast): 0x0b74b850 ***======= Backtrace: =========/lib/tls/i686/cmov/libc.so.6[0xb6ff4604]======= Backtrace: =========/usr/lib/libX11.so.6[0xb6ed36ce]/lib/tls/i686/cmov/libc.so.6[0xb6ff4604]/usr/lib/libX11.so.6(_XReply+0x10d)[0xb6ed3ccd]/lib/tls/i686/cmov/libc.so.6[0x/usr/lib/libXss.so.1(XScreenSaverQueryInfo+0x96)[0xb7fc9506]/lib/tls/i686/cmov/libc.so.6(__libc_malloc+0x95)[0xb6ff89c5]skype[0x884efc3]======= Memory map: ========/usr/lib/libxcb.so.1[0xb6c04ecc]/usr/lib/libxcb.so.1[0xb6c02d5d]/usr/lib/libxcb.so.1[0xb6c0330e]/usr/lib/libxcb.so.1(xcb_writev+0x67)[0xb6c036b7]/usr/lib/libX11.so.6(_XSend+0x16a)[0xb6ed3afa]/usr/lib/libX11.so.6(_XReply+0x63)[0xb6ed3c23]/usr/lib/libX11.so.6(XSync+0x67)[0xb6ec7507]skype[0x829ec58]skype[0x829efa6]skype[0x829e1c2]skype[0x829e8cd]skype[0x82db370]/usr/lib/libQtCore.so.4(_ZN11QMetaObject8activateEP7QObjectiiPPv+0x228)[0xb737f748]/home/arty/scripts/skype: line 2: 20800 Aborted LD_PRELOAD=/usr/lib/libv4l/v4l1compat.so skypeSince it is skype who crashes, and since skype4pidgin only uses legal API calls, I'm pretty sure this is skype's issue. I hope you guys can fix it.Oh, I'm using ubuntu 9.04 and latest linux skype. - 14 hours ago
- Skype and telephony device card
Hi all. I see all sorts of information about usb connection adapters (usb=>Rj-11) for home phones, but what can I do to utilize an old Rj-11 (d-link brand???) telephony card directly. I'm using Gentoo linux and have telephony device support built in the kernel, but I am wondering what else I may need to do to get this to work with Skype.I'm naively assuming it will not be "plug and play".Thank you for any info you can provide me. - 36 hours ago
- Search not working
I have recently installed Skype 2.0 on Linux Mint 7. I have a particular contact I am trying to add, but the Search doesn't work. I know the email addresses, Skype name, real name and location, but every search I have tried gives no results. I have even tried searches by location with a blank name - still nothing. If I can't add anybody I cannot use Skype. Can anybody offer a solution? - 3 days ago
PrintShare it! — Rate it: up down flag this hub
Comments
Thanks for your comment. Until Skype sort out this problem with unverified businesss accounts, all Skype users need to be vigilant.
As soon as I hear that they have modified their business account protocol, and requested a verification e mail from any intended administrators, I will post here.
I must have missed this hub earlier...
I, too, have Skype and use it fairly regularly. Good stuff to keep a keen eye out for here, thanks!
So much for the customer is always right eh? Thanks for this. I don't use Skype but am emailing this to a friend who does, regularly. Thanks for the heads up.
Thanks for informing us about this issue. I never have used Skype, but back in 2002 I accidentally fell an Scam via email on AOL. It looked like an official email, but I should have known better because AOL clearly they will never ask for your password. Good hub!
pjdscott, Can you explain why not having verification emails led to your account being locked?
I am presently locked out of my Skype account, it seems at least because my password has been changed and I cannot log into my account or recover my password.
You seem to suggest that they didn't get your password, because you mention that your details are password protected ("I should note that I can't access their personal details or transactions, since they are password protected").
Why does creating a business account without verfication cause your account to be locked?
Did the fraudsters just randomly pick your email address and then skype locked any skype accounts with the same email address?
Thanks,
-Joel
Hi Joel,
Many thanks for your question and sorry to hear about your Skype problems. Had Skype enabled verification mails once a business account was established, I would have known immediately that my account was hacked. I only realized about two weeks later because Skype blocked the account. The credit used by the frausters was not from my PayPal account, so I presume someone reported their theft to PayPal who informed Skype.
The main point of this article was to encourage Skype to send a confirmation e mail once a major account change is made (such as setting up a business account). My e mail address is certainly not private and they also knew about my hidden-Dublin.com website, so I guess they targeted me.
Do ask if you have any more questions - did you ask Skype on their forum board about your problems? As long as you remain objective and polite, you will get a reponse there.
Ahh ok I understand now.
I did leave a message on the forums and got a reply back from Norman Musgrave, and just in the last couple of hours I got a response back from Customer Support (only 9 days) and I now have access to my account again. But calls to SkypeOut are blocked until I get a response back from their fraud team at csl2@skype.net.
At least I have progress though. Strangely enough I didn't loose any credit, and there is no business account associated with my account, so I am wondering why my account was hijacked in the first place.
I use skype once in a while and this is very useful information.
Thank you for sharing your experience, Carol
If you're fed up with Skype customer support there are tonnes of other VoIP services you can try. They may not be as well known as Skype but pretty much all of them have better rates for calling landlines/mobiles.
I used to be happy with Skype in the pre-eBay days, but since they've been bought I've noticed a downward trend. I've started using AIM Call Out which has much better rates than skype, gives you a feature to set up calls between phones without having a headset and mic, and has SIP support. So far I'm pretty happy. Regardless if you're unhappy with your VoIP services, try another one, because there are a ton more out there!
cvaughn570 - many thanks for your comment.
Jack - thanks for these - we tend to forget there are alternatives. I think Skype were the market leaders but thankfully there is quality competition now.
Hi,
I have a personal Skype account where somebody hacked in, used up my credit for calls to the wide variety of countries.. then two unauthorized auto charge had happend on my paypal what was refunded later..
Then I was blocked out of the credit purchase option.. that was the time when I have discovered that something went terrible wrong with my skype account.
Since then skype does not give me any explanation or a will to refund me for my lost credit.. No one else has access to my computer and it is protected by a professional anti-virus/firewall program updated daily.. But somebody definitely hacked into my skype account to act on my behalf and enjoyed every cents of my credit for his/her calls what I had to pay for!
I have a gut feeling, that all those personal information and passwords may had been leaked from skype database itself..
I would advice everybody to be very careful to purchase credit and give paypal/credit card details to this company. SKYPE IS NOT A SAFE PLACE TO USE YOUR MONEY/PURCHASE CREDIT THAT CAN BE USED BY OTHERS THAN YOURSELF AND AUTOCHARGE CAN BE TAKEN FROM YOUR CREDIT CARD WITHOUT YOUR CONSENT! And do not dream of having any answers or explanation from skype and you can say good-bye for your lost credits.
I've had £100 taken from my bank after my account was hijacked. There is no fraud department in Skype to deal with this, they don't seem to care less. They carried on taking payment from PayPal even after I changed the paypal password. I wouldn't touch them again after this. I've had no response after nearly a week.
They don't even have the most basic security measure of emailing the original email address when the primary is changed. Every other company does this. Appaling customer service & no regard whatsoever for securing your details / money.
Thanks for your comments Rita and NathanJ. More and more I hear similar comments to yours - and I again emphasize that you should *never never never* use the same e mail account for Skype as you do for PayPal. This should also go for passwordsd - never use the same password for two such accounts but at least modify it somehow. If you need inspiration, I have written a short article about this.
Hi,
Exactly the same happened to me. I googled into your Hubpage and read through. In my case (and as I was able to judge - in yours as well), money was actually put into a my account. I checked my paypal accnt and they did not withdraw anything. So what is the catch here? How do those thiefs plan to further withdraw?
As for Skype - I cried out loud on their web forms twice THEFT, but aside from automatic replies, noone got back to me. They simply sucks.
Hi Hagal,
That's really interesting to hear I'm not the only one. I think the scammers take money and use it in different accounts to prevent early detection - it would be far easier to track if you were deadling with the same Skype and PayPal account.
I found Skype more supportive than you, but they took a long time to react initially. By this time the damage was done, and somebody's PayPal account was missing a lot of Euros.
By this time they got back to me with ~"we understand that your account was hacked, but we are not responsible for any demage..."
Poor, very poor reply. I asked for disconnection alltogether.
I would have to agree - I don't think Skype are very secure-minded or efficient. It leaves a bad taste in your mouth - I feel I was violated, through no fault of my own. The only consolation is that good people such as yourself, Hagel, were also got.
i was also hacked i wanted the $3 a month service when i put in my card information it kept denying me i kept redoing everything but kept getting denied so i called my card to hear my balance and the $3 dollars was taken out but i dont have any service does anyone know how i can get that back thanks
Sorry to hear about your problems. I suggest you goto my second link above, entitled "Skype Support" where you can log your problem and they will eventually answer you. I suspect they have a lot of similar complaints, so be patient and polite, and you might get some results and advice.
Good luck!
Sir my account malikandmaliks36 is blocked i dont know why.plz unblocked it.i am very thankful to you
Dear Yousaf,
I am extremely sorry to hear about your problems but this page is nothing to do with Skype - it simply records my own personal problems with my Skype fraud. Go to this page:
http://support.skype.com/en_US/support_request
Complete as much detail as possible and see if they will assist. If that does not result in prompt action, then goto the Forum here:
http://forum.skype.com/index.php?act=idx
and see if others have had similar problems. You can then post details of your own situation but I strongly suspect you will find many people have already had similar experiences to you.
Don't forget to bookmark this page and update evereyone on your experiences. I wish you all the best,
Peter
Same problem as many of the above people. I am a personal not a business user. I am also an infrequent user but someone hacked into my Skype account, used all my credit on calls to Taiwan. Skype eventually blocked my account but refused to refund my money. The security breach wasn't at my end. I run a fire wall and several types of security software. I wish I had read this site before signing up for Skype. I will now look elsewhere for a VOIP provider. How can Skype be so poor with their customer care and attitude to money lost by their customers because of their poor security systems?
Neil.
I'm very sorry to hear about your experiences Neil, but they are not unusual in the world of Skype users. It does appear that a lot of responsibility lies with Skype themselves; like yourself, I am also cautious with my passwords, security and protocols.
I hope you get sorted out eventually - it would be worth posting on the Skype forum for assistance.
pjdscott,
I had the same basic thign happen to me. On Monday Feb 23 I returned home to find that my contacts were all gone and phone numbers I did not know had replaced them. I went out to skype.com and found several charges against my account, so I tried to find a skype support number (no such thing exists) so I sent asupport request via email, the boilerplate response (24-48 hour response) did not provide a good feeling. So I called my credit card. They had seen many charges from Skype and makred them as fraud. They told me "we see a lot of this with skype". I had to cancel my card and get a new one and submit a fraud claim. If I had not done this thousands (I repeat 1000s) of dollars would be my problem now, even though my account has a USD100 limit per month. Skype is not being very responsible.
Anyway, I have recieved one response form Skype to over 10 submitted support queries. They have unblocked my account and I can get in from other computers (my wife's for instance) but my computer allows for no login form any users (not even my wife). I have uninstalled and then reinstalled, uninstalled rebooted and then reinstalled, still all logins fail.
Do you have any idea what is going on? I have Windows Vista with an AMD64 chip, but I think there is something either on Skypes server end that is blocking my computer or something on my computer keeping the login from happening. I believe it is on their server though.
Any help is appreciated.
Nate
Hi Nate,
If it's any consolation it seems as if it is not your fault, as it was not mine and others who have posted here. I have suspected a breach at Skype's end myself - there seems to be so many hacked accounts as your credit card company suggested.
I don't know what to suggest about your re-activation problem. You might find the Skype cookie and delete it, in case that is fouling things. In IE and Firefox try your preferences to access cookies.
Sorry not to be of more help - at least you paid by credit card, making the card company liable (unless they can prove a security breach at your end - highly unlikely, by the sound of things).
WOW quick response. My skype account is activated. I can log in from other computers. Does skype use cookies (I use google chrome as my primary browser due to it's multi process architecture)?
I can log into skype from my computer via the skype web interface, just not via the skype installed client interface.
Thanks
Nate
I am fairly sure Skype does use cookies on its web interface, but don't change that if you have access! I'm not sure how to delete the Skype prefs for the Skype app under Vista - there must be some way of deleting the prefs and getting Vista to write new files, which might help your access problem.
I must try Chrome, but I'm hooked on Firefox!
Good luck Nate.
happened to me as well this week.. can't believe after all this time they let this stuff still happen. Skype is not worth it anymore.
LJEH - I'm sorry to hear that. So many people have been done by Skype - I cannot emphasize enough that people should always use a different e mail account and passwords to that registered with their Skype account.
At least there are alternatives to Skype these days, and IM has vastly improved.
Deer Hill says:
2 years ago
I was just getting ready to sign up for a skype account. Thank you for the insite.