It’s so embarrassing. Here I am, a contributor at MakeUseOf with a background in data security, and I’m about to tell you how my Skype account got hacked. Not years ago before I became aware of the various threats and the signs that an intrusion had occurred, but recently. Just last Christmas.
The worst thing about this is that I’d noticed that there was something not quite right about the way the account was behaving, but in the heady Christmas rush I’d put it down to Microsoft’s recent changes to the service (after all, it’s hardly been the same since the new centralised data centre was introduced in place of the previous P2P system, has it?).
The hacker was clever, too, using my account just a little to call his relatives/associates in Pakistan. In fact he’d used so little of the first bunch of Skype call credit that it wasn’t until the second grab for extra credit that I noticed anything was wrong. Unfortunately, I wasn’t the only one slow off the mark, resulting in a painful and needlessly drawn-out process of confirming my identification several times.
The First Alert From Skype
It wasn’t until my 37th birthday that I received an email from Skype, informing me that my account was under review.
Immediately I realised what had been going on, the pieces of the jigsaw falling into place. To describe me as angry would be something of an understatement (especially as I had recently had this guide to three Skype security issues published) – but rather than wishing any harm on the sorry excuse for a human being whose non-existent morals are contributing to an unprecedented level of theft and fraud, I was angry with myself for not recognizing the signs.
Now, this is where you need to be aware. This first email from Skype will require you to resolve a few security issues and change your password. However, it isn’t the end of the matter, and will not enable you to regain full control of your account.
As I was keen to get my money refunded (claimed and spent fraudulently, of course) I turned my attention to this, forgetting that I was unable to call telephones through Skype for the time being.
Christmas Phone Calls Home
Why would anyone want to hack my Skype account? Why should anyone hack yours?
Basically to make calls without any expense to themselves, I guess. Certainly the details that Skype provided indicated purchases made from Pakistan and while it is easy to throw in the “terrorism” word, these hackers could just as easily be affiliated with the opium trade or human trafficking as any other criminal activity.
The fact is, they actively attempt to hack Skype accounts in order to use your money to add credit, and do so with a certain amount of guile in order not to raise suspicion. Look at the low amounts they purchased!
Remember, they only need one account.
How Did They Hack My Account?
What was most interesting about my experience is that I was still able to use my Skype account. I had made several Skype-to-Skype calls in the interim for podcasting purposes (using Skype call recording software), and never had to change passwords.
The reason for this, I soon realised, was that my password had been revealed to the hacker. While this might have occurred using wireless sniffing technology over an unsecured connection, I’m more inclined to suspect that the password was acquired via an Android app. Which one, I can’t say, but this seems the most likely culprit.
Claiming Back Stolen Credit
If your Skype account has been hacked and credit purchased from your bank or PayPal account, you can claim it back. I made sure that both Skype and PayPal knew that I was requesting refunds, sending emails of complaint to both.
While the process of finding the required details for the transactions was slow (see the next section) the actual refunds were processed within a day, restoring my faith in the system somewhat.
What was particularly galling was that despite having setup a maximum credit purchase of £10 per transaction (see above), the scammer was not limited in his ability to get free calls back to Pakistan. Normally I would recommend you set up this option if you have any concerns about security, but it seems that it cannot save you from losing money.
Reclaiming Control Of My Skype Account
It was only a couple of weeks ago that I realised that my Skype account was still only usable for Skype-to-Skype calls. Had I subconsciously wished never to spend a penny on the service and left the VOIP to landline element in limbo as retribution?
I’m not certain, really, but I can tell you that reclaiming control of my Skype account was a 45 minute process that involved answering five questions on the website’s dedicated page and then (after presumably getting one of them wrong) being sent into text chat with a Skype representative to answer more questions.
The purpose here, of course, was to confirm my identity. How on earth it took so long I don’t know, but like anything that requires communication with someone in a remote support centre, it seemed to take far longer than it actually did.
If there is any way to avoid this, you’ll need to have a good idea of when you set up your Skype account, and four other pieces of personal information. Frustratingly, I got this wrong.
Happily, however, I eventually got Skype sorted out – just in time to make an important phone call!
It Happened to Me, It Can Happen To You!
I’ve authored a fair few articles and essays both online and offline over the years concerning user account security and the growing number of risks and threats. To find that I had fallen foul of this sort of scam is pretty galling, I’ll be honest.
If anything, however, I’ve proved to you (and myself of course) that regardless of your knowledge or expertise, active threats persist, and it only takes a moment of ignorance for you to find that you’re losing money from right under your nose.
There are lessons to be learned here. Luckily I had a limit on the amount of Skype credit I could purchase, otherwise the culprit might have emptied my bank account (or at least my PayPal account).
I should also have acted upon the strange activity on my Skype account. To this day I can’t understand why I let this pass, but again, it could have been all down to the Christmas rush, a time when our guards are often dropped.
So, let my experience be a lesson to you. Anyone can get scammed, and these criminals will take advantage of the slightest weakness in your armoury. They can find your password using mobile apps or wireless network sniffing, and are part of massive organized rings.
Avoid my experience. Update your Skype password regularly, along with that of any associated accounts. Keep an eye out for unusual activity, don’t rely on the service itself to alert you within any reasonable timescale and have a clear-out of apps on your mobile device, particularly Android. Finally, should you fail to keep your account under your control, be prepared for a few hours of painfully slow web or telephone chats with Skype personnel in order to regain full control.
Don’t let this happen to you! Or if it did happen to you, let us know in the comments how the experience was in your case.