Skype Contacts Being Hijacked – Customer Service Rating…

My Review: 7  skype_logo.png

I have a confession to make.  I have been fuming for days about Skype and their customer service, but I really had no right to do so.  They’ve done a good job.  I am an idiot.

I wrote a long, long post about how they did a terrible job responding to my security concern.  After I finished, I proof-read it and in so doing re-read the correspondence between Skype support and myself.  When I re-read their very first email carefully, and then followed the link to the main Skype Blog page and read the content there, I realized that they had in fact addressed my concern appropriately from the very beginning.  If I had read it more carefully, I could have saved them and myself a lot of time.  So, instead of posting a rant in which the Skype Support team receives a rating of 2, I am still going to post a blog entry, but give them a well deserved 7 instead.  Sorry Timo T., and well done.

I am still posting some of the content I had written, and revising other sections to show Skype in a more appropriate light.  Revisions will be highlighted with bold text and lots of strikethroughs.

-------------------------------------------------------------------------
-------------------------------------------------------------------------
-------------------------------------------------------------------------

I am not blogging here about the Skype service itself. I am a huge fan of Skype, and if you haven’t used it yet, you should. It is a free VOIP software service that let’s you make free phone calls over the internet to other users. You can also instant message with other Skype users, make inexpensive calls to regular phone lines, make cheap international calls, and even have video calls with other Skype users – it is really cool. Skype is free to download and free to use with other members of the network; they charge reasonable (read: cheap) rates to make outside calls to regular land lines.

But I had a virus / bug / attack / phishing scheme / problem and I received adequate and appropriate responses. It has pleased me enough to blog about it.

So, what happened is this: my contact list was hijacked. I went to lunch with my Skype open (I leave it open most of the day so I can send and receive chat messages) and when I came back from lunch I had two chat windows open.  Both were from people in my contact list.  Both had almost identical messages, asking me to click on links to pornography, and to download malicious files.  As it happened, I was using my Macbook so I was largely immune to the viruses these messages were trying to get me to download.  But it was pretty disconcerting.  Who has my contact list?  Why do they have the ability to send me chat messages as though they were my friends?  If I had been using my Windows PC would I now be host to some kind of malicious, hard-drive eating, identity stealing virus?  I am still pretty upset about it.

So what do you do when you have a security concern with a piece of software?  Who you gonna call?  (Don’t say it, and I won’t either.)   You call the manufacturer, that’s who.  So I went to the Skype Support page and sent them a message.  I also took a screenshot on my Mac with the chat windows open, so that they could see the content of the messages, and see that the chat windows were both from people in my contact list, even though my friends did not in fact send me those chats.  Here is that image:

skype_problem.jpg

I regard this as a huge security breach.  I think it’s a really big deal that strangers, posing as my contacts, can send me chat messages, ask me questions posing as my friends, and I might not realize until I have said something I shouldn’t.  I now know what Skype is going to do to fix my problem.  So far, the answer is a big fat “we’ve addressed the issue and released the answers on our blog.  Read about it here.”  Below I am copying all of my correspondence with the support team at Skype.    Please read for yourself:

First is the initial message that I sent to Skype Support via their website support email system:

Topic:      Abuse (harassment, fraud, scam, spam, etc.)
Subtopic:   Other abuse
Subject:    Inappropriate Chat Windows That Appear to Be From My Contact List
Message:
-----------------------------------------------------------------------
I had two chat windows open up while skype was open - both appeared to be from my skype contacts
 list.  Neither of the chats was actually from one of my contacts, but they had the contacts\' names
 and images.  Both were trying to get me to click on links to pornography and other inappropriate
 material.  I think they might also have been trying to install a virus.  The links tried to
 download files with the extension \".scr\". 

Neither of these people had actually tried to have a chat with me, both were fraudulent and had
 essentially the same content.  I took a screenshot of both of the chat windows, though I don\'t see
 anyway to upload an attachment here.  I will hold on to it in case you want me to send it along.  

I know two other people who have had have had similar problems.  This issue makes me very
 uncomfortable becasue some malware, spyware, program, or malicious person has access to my account and my
 contact list, and can make it look like they are one of my legitimate contacts when they try to
 contact me.  I\'d like a response on what this scam means for me regarding my security using skype. 

Thanks, 

David
-------------------------------------------------------------------------

Next is the series or emails and responses between myself and Skype Support:

First Response:

Hello David,

Thank you for contacting Skype Support.

Skype has learned that a computer virus called “w32/Ramex.A” is affecting users of Skype for
 Windows. Users whose computers are infected with this virus will send a chat message to other Skype
 users asking them to click on a web link that can infect the computer of the person who receives
 the message.  Please note that Skype users ONLY become infected after they have downloaded the
 link and run the malicious software. The chat message, of which there are several versions, is
 cleverly-written and may appear to be a legitimate chat message, which may fool some users into clicking
 on the link.

Skype has been in contact with the leading antivirus software companies about this worm, and we
 know that they are updating their software to effectively stop this worm and as well as its side
 effects. Currently, F-Secure (www.fsecure.com) and Kaspersky Lab (www.kaspersky.com) have already
 updated their antivirus products to detect and remove the worm.

We would like to encourage our users to ensure that they are running anti-virus software on their
 computers and to download the latest anti-virus updates in order to provide the best protection
 against this and other viruses.

More information can be found at heartbeat.skype.com

Best regards,

Timo T.
Skype Support

————————————————————————-

My Reply: 

Hi, and thank you for the response.  I don’t think I fit into the category you described in your email.  I am using a MacBook, not a PC, and I never clicked on a link or installed a virus.  Someone, somehow, has access to my contacts list and can initiate chats as though they were one of my contacts.  I am attaching a screenshot here of the two chat windows that were opened.  As you can see both of them appear to be from my contacts, though neither of those people actually tried to chat with me.  The content of both of the fraudulent chats appear to be very similar.

It looked like the response you sent was a boiler plate that you send out to lots of people.  I’m sure you have lots of customers and lots of questions to answer, but I’d like a more personal response, rather than a cut and paste, addressing this issue.  I regard this as a very serious security concern, and I am considering switching to Jah Jah or Gizmo rather than continue without any answers.

If you need or want any more specifics about my system or the circumstances please let me know.

Thanks in advance for your help and attention.

David

————————————————————————-

Their Response: 

Hello David,

Thank you for contacting Skype Support.

You are correct that this virus does not work on Mac.
These messages show that your contacts have this infection.

We apologise for the inconveniences and for being unclear.

Best regards,

Timo T.

Skype Support
-------------------------------------------------------------------------

My Last Reply:

To: Timo - Skype Support <support@skype.net>
Subject: Re: GQW: Inappropriate Chat Windows That Appear to Be From My Contact List

Thank you for the response.  Can you please tell me what I should do?  Is there any danger or
 liability associated with this?

David

————————————————————————-

Their Last Response:

Hello David,

Thank you for contacting Skype Support.

The only thing that you can do is  notify your contacts about this problem. As you are a Mac user,
 this virus can not affect your computer even if you visit these links.
If you have more questions please feel free to contact us again.

Best regards,

Timo T.
Skype Support

————————————————————————-

Since that communication I have not heard from them, nor do I expect to.  There is no need since they gave me a good answer in the first place and I have been bothering them for no reason since then.  Once I finish this post I am going to send them another email with a link to it.  Not that I think it will have them quaking in their boots or anything, but maybe it will express my pleasure and chagrin in a more concrete way.  Maybe, just maybe, they will realize that I am pleased enough not simply to send them emails or smile to myself, but to also try and reach a wider audience with my words of praise and admiration for Skype’s support team.

What am I hoping to accomplish?  I’m not 100% sure.  I certainly don’t want to quit using Skype.  I like Skype.  A lot.  But I am so pleased by their communication, their response (or lack of it) and their willingness / ability to offer a solution.  I am not solely a Mac user.  In fact, I am writing this post on a PC.   So I could indeed have downloaded a virus; I am not immune.  What’s more, there is not even a mention of the fact that my contact list has been appropriated by someone who most likely has a malicious intent.  I can’t imagine that they have my best interests at heart.  How did someone gain access to my contacts?  Why can they initiate chats with me?  I now know what exactly is going on with Skype security, and that they have addressed the issue in good faith.

I would love any comments or thoughts from all you people out there in the ether.  Thanks for letting me squirm and writhe with chagrin at my stupidity.  Maybe something will come of it. 🙂  At the moment, and because someone kicked a little ass, Skype’s customer response gets a lovely seven, and they are probably deserve more to scrape by with than that. Grrrr. Hooray for Skype.

Advertisements

1 comment so far

  1. talking dynamics on

    i think we must think oft the sequrity .its been an bads experiencs


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: