Sophos Cloud Optix
As more and more people become acquainted by the tricks used by internet scammers and cybercriminals, so they are pressed to find new social engineering tricks in their hope of tricking the unwary.
One of the schemes we have heard of involves unsolicited calls via Skype, where an automated message (what I like to call a “Digital Dorothy”) warns you in a semi-robotic voice that your computer’s security is not up-to-date.
A Naked Security reader has pointed us to the following YouTube video, showing just such a scam call caught on camera. Fortunately, in this case, the recipient of the bogus call about his computer’s security was wise to the scam and knew not to act upon it.
Warning: Some of the language used in this video is a little fruity.
In case you couldn’t make it out on the video’s soundtrack, here’s what the automated call was saying:
"Attention: this is an automated computer system alert. Your computer protection service is not active. To activate computer protection, and repair your computer, go to [LINK]"
If you weren’t aware of fake anti-virus (also known as scareware) scams like this you might well be worried enough to visit the website referred to in the message, where it will pretend to scan your computer’s security.
Surprise surprise.. the website claims that you are not properly protected – and it urges you to install its software (a steal at $19.95).
I’m not sure I would want to trust any product which uses Skype spam techniques to advertise itself, and presented itself in such an underhand manner.
They seem to be keen for you to hand over your contact details (including your email address). For test purposes, I entered an email address – but haven’t received a communication yet. One thing is for sure – I am not going to trust whatever they say in that email.
Of course, if you don’t want to receive unsolicited Skype calls the best thing to do is change your privacy settings so only users listed in your contacts list are allowed to get in touch with you.
If you want to find out more about fake anti-virus or scareware attacks download the technical paper from SophosLabs: “What is Fake AV?” [PDF]
Hat-tip: Thanks to Naked Security reader Morgan for bringing this video to our attention.
All the options in my skype are set to 'only people in my contact list' yet about once a month I get a message from what looks like a different Russian dating site so I am not quite sure what this setting is for …
I get those too, even though settings are on contacts only … only mine are all US soldiers!!! And they come through at least 3 times per week. It’s been so bad that I have changed accounts twice, but it still happens. Really irritating!
I've had quite a few of the mystery "friend" requests too. Log on to your Skype preferences and opt to receive notifications from any unknown sources. As soon as I did this I received a message that someone had logged on from a hundred miles away and had sent a request to befriend themselves from my computer and then validated their own request! I'm keeping track of the logins quite a lot. If this is the problem then you may be changing passwords often. There is a lot of this going on.
I just received an automated message that my computer security was not up to date – which is not true. I was to contact a site including "sos" which I was later told by a computer expert stands for "scam on skype." if you go to the site they want to sell you a security system- I didn't go.
lol the second person down on his friends list is "Ass Cobra".
I received this call on my iPad. I can’t find the privacy settings. Can they be changed?
I always like when people call me saying they are from microsoft and tell me my machine is sending out spam and has a virus. They always hang up when I tell them I have a mac.. its a shame though I was looking forward to a wee chat.
I HATE, HATE, HATE fake antivirus notifications! My users always say, "I did not install anything, I swear", when I say, "did you follow my instructions and either turn your computer off as soon as the notification came up or End Tasked it?", they respond, well I closed the window. Ahhhhhhhhhhhhhh! Can't wait to see the Sophos Antivirus webinar.
don't trust them! they take over your computer and then install a virus which you can only remove if you buy their anti-virus software, it's a pretty elaborate scam and a lot of people fell for it…i suggest reporting this to consumer complaint sites like callercenter.com to warn everyone else!
What happens if you do go to it and put info in? What should you do?
I received a computer voice message today that told me my computer system is not protected and it said to go to *censored* but I thought I had better look it up on the Internet first. I went to Bing and typed in “Skype System Warning of Computer protection” and I found this site. Thank you for having this resource because I may have fell for this scam. I wonder if there is some way to get these people arrested? It is WRONG, WRONG, WROG to do what they are doing. Oh well, live and learn.
I accepted the call from the scammer (before I knew it was a scam) but I hung up and did not go to the website. Could I still have gotten a virus?
If all that happened was you received a call and didn't *act* upon it (ie. didn't visit any websites, or click on any links) then you should have nothing to worry about.
I wish I could say that's true. I am not a Skype "user" but family is. when the "skype" phone rang, I ans'd. as soon as I saw what it was, I exited, ran a scan but still ended up infected. still trying to fix it now for 2 days. getting ready to reset to factory standards & start over.
DON'T ANSWER CALL!!!!