Skype Phishing Attack Targets Remote Workers’ Passwords

[silversurfer]

Content source

https://threatpost.com/skype-phishing-attack-targets-remote-workers-passwords/155068/

Attackers are sending convincing emails that ultimately steal victims’ Skype credentials.

Remote workers are being warned of a new phishing campaign targeting their Skype passwords.

The phishing emails look “eerily similar” to a legitimate Skype notification alert, according to a report released by Cofense on Thursday. Emails indicate users have 13 pending Skype notifications that can be checked by clicking a “Review” button.

“It is not uncommon to receive emails about pending notifications for various services,” researchers wrote. “The threat actor anticipates users will recognize this as just that, so they take action to view the notifications. Curiosity and the sense of urgency entice many users to click the ‘Review’ button without recognizing the obvious signs of a phishing attack.”

 

[Antus67]

New phishing campaign spoofs Skype to trick victims

Remote workers have been warned to take extra care when using video conferencing software after a new phishing scam was uncovered.

Researchers from security firm Cofense have revealed hackers are using emails pretending to be from Skype, the popular Microsoft-owned video calling tool, in order to trick home workers into handing over their login details.

Criminals could then use these logins to access corporate networks to spread malware or steal valuable information.

The report, released by the Cofense Phishing Defense Center (PDC) saw attackers creating an email that looks eerily similar to a legitimate pending notification coming from Skype. If an unsuspecting recipient goes to “review” the notification, they are redirected via an app.link to a phishing page designed to harvest your password.