Skype users told to change passwords, but will that stop spate of spoofed messages?

SkypeFor some weeks, Skype users have been complaining on online forums that their accounts have been sending out spoof messages without their permission.

Typically, users report that the messages use a Goo.gl URL shortener and are sent to all of their online contacts:

“Hi! goo.gl/[LINK]”

According to reports, some of the links might redirect to Russian domains hosting malicious code designed to infect visiting computers.

Sign up to our free newsletter.
Security news, advice, and tips.

So far, and there have been over 20 pages of discussion of the issue on the Skype community pages, Microsoft doesn’t appear to have come up with a solution to the problem – and there are no definitive conclusions as to how the messages are being sent.

One possibility is that malware has infected users’ computers, and is sending the messages without the permission of the account owners.

However, this theory seems less likely as some users have reported that the unauthorised messages have been sent even though their computers and mobile devices are turned off at the time.

Skype loginPotentially the spoof messages might also have be sent due to a vulnerability in Skype’s web-based client that the spammers are exploiting.

Alternatively, it’s possible that Skype users have had their account passwords compromised – perhaps via phishing attacks, or because victims are using the same passwords elsewhere on the net.

Frankly, we don’t know yet how the fraudsters are sending the messages – but sending them they are… and Skype users aren’t happy, judging by posts on the support forum:

I’ve been having the same issue for the last two weeks or so!
I am now having to explain to people that it’s not me sending them!!!
I’ve changed my password, so I’m hoping that will help, but I’ve also sent a support request to Skype to resolve the issue (no reply yet).
DO SOMETHING ABOUT THIS QUICKLY SKYPE, STOP IGNORING THE ISSUE!!!!!!!!!

My laptop was completely shut down and packed in my bag when messages went out to all my contacts.

Have also checked API as suggested but nothing suspicious there

I have Skype on my iPhone as well. Have temporarily removed the app for the sake of good order. I suspect it is Skype’s servers that were compromised — would be nice if they could shed some light on the issue….

Very embarrassing to have spam sent to hundreds of business contacts. Makes me consider to switch away from Skype.

For now, Microsoft is suggesting that customers change the passwords for all of their Skype-related accounts.

Skype community manager Claudius is the only official response I have been able to find:

Advice for Skype users

Our engineers are still looking into this.
Meanwhile we’d recommend everyone to change their account passwords for all your Skype related accounts, i.e. also update your Microsoft account password if you linked that to your Skype account. Here’s how: https://support.skype.com/en/faq/FA95/how-do-i-change-my-password

Whether following that advice will prevent the spate of spoofed Skype messages remains to be seen…

Hat-tip: The Register


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

6 comments on “Skype users told to change passwords, but will that stop spate of spoofed messages?”

  1. Anonymous

    I've stopped using Skype for the most part and have switched to a (hopefully) more secure messaging system. However, I signed in the other day and found an off-line message from a contact (I believe from the 9th July), it was very highly tailored, something along the lines of:

    Hi Bob! have you seen this: instagram.com/account/myskypeusername

    The 'instagram' link obviously turned into something a little more verbose and a little less trustworthy when 'link location' was copied. However, it does show that they are able to see/access my first name (as I have it set in Skype) and my Skype account ID.

    I didn't visit the link but I was quite impressed, it's certainly been one of the more sophisticated attempts (though I'd assume entirely automated) of phishing/compromise (or whatever then end goal was) that has come my way.

  2. Coyote

    This makes me think of MSN messenger. Hardly surprising that Microsoft has hold of Skype now.

    As for MSN, I remember they would give the suggestion of malware; I actually had it happen to me and I told them flat out (before) that I don't use Windows (not that other systems can't have malware but it was irrelevant here) and what do they give me? A link to a page with a list of Microsoft Windows antivirus software. It is arguably worse than the scripts tech support like to use (even when it is someone like me who tells them what is wrong, what they need to do and how to do it, and that I don't want them to waste my time with their silly scripts). I solved it myself (by using – I think – passport.com address instead of an email address) after sniffing MSN (messenger) traffic, in the end. But I seriously doubt the problem actually disappeared.

    The 'it must be your password' and 'you must have some malware' without much thought beyond, is merely ignoring the problem. It is one thing to suggest they (the users) make sure it isn't that (but this advice is always sound), but they (vendor) should investigate it further (and once enough tell them that their suggestions aren't helpful, they should actually realise it might not be the users at fault).

  3. tank lint

    There is a upcoming encrypted chat called Tox and it is open and not controlled by companies.

    tox.chat
    utox.org

  4. Wardine's Wrock

    I believe these Skype cases which continue in May 2016 are related to the AOL diet-pill spam in April 2014. Was the method used to access the AOL accounts ever determined?

  5. Anonymous

    It's still happening to this day!

  6. RATRI GALUH

    what is the spoof message ?

Leave a Reply to tank lint Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.