A gang of hackers has made Skype their latest target for generating spam links. During the past couple of weeks, Skype users have reported encountering links in their Skype chat that redirect them to either Baidu or LinkedIn.
After a deeper analysis, a thread on Microsoft’s Skype support forum suggested the spam links date back to August. Hundreds of Skype users have fallen prey to the scam after receiving spam messages from infringed accounts. But how exactly were the accounts compromised?
Users also stated they did not encounter any suspicious links or files prior to receiving the redirect URLs. It shows that the hackers have somehow managed to find a gateway through Skype’s security. Even the users who have their two-step verification procedure activated have felt the heat of the hack attack.
Upon inquiry, a Microsoft spokesperson denied all the allegations regarding the social spam. This is not the first time Skype has fallen victim to such attacks. Hackers previously acquired stolen usernames and passwords to gain access to registered Skype accounts. It is possible they obtained credentials by other means to carry out this latest attack.
Some Skype customers have reported their accounts being used to send spam. There is no breach of Skype security, instead we believe criminals are using username and password combinations obtained illegally to see if they exist on Skype. We continue to take steps to harden the login process and recommend customers update their Skype account to a Microsoft account to benefit from added protections such as two-factor authentication.
Another interesting fact regarding the scam is that even those users who have linked their Microsoft and Skype accounts together are still in danger. However, the said approach is known to eliminate the Skype login in favor of your Microsoft account information. That is a plausible explanation behind the breach of two-factor authentication. As Microsoft keeps your original Skype ID and password active, users have the possibility to access the service using their old credentials.
How to stay safe from Skype spams
There is, however, a way to minimize the vulnerability to such attacks which involves merging your Skype ID with a Microsoft account (even if they’re already linked). This could potentially limit the threat of hackers gaining illicit access to your accounts.
Steps to merge a Skype with a Microsoft account
- Open your web browser and go to https://account.microsoft.com/.
- If you’re currently signed in with your Microsoft account, then sign out.
- Click the Sign-in button.
- Enter your Skype ID and Skype password to begin the process.
- Click Next.
- If you have already linked the accounts in the past, you’ll get asked to update your information by entering your Microsoft account password.
- Click Next.
- Click OK to complete the process.
Once you are done, a Skype alias will be created to let you sign in with a Skype username. You can either use it or even disable it under the alias preferences. That would restrain third-party users from signing in with your Skype username.
Whatever the case, you will then be unable to use your old Skype password anymore. On the bright side, intruders would be denied access to your account until they know your email address.
Though the process may seem painstaking, it is necessary for maximum account security.
RELATED STORIES YOU NEED TO CHECK OUT: