Dave, I just got a notification from Skype that I have a voicemail message, but I’m confused how that can be, and when I clicked on the link to check it, I got an error page instead. What’s going on?
OOhhhhh…. don’t click on those links! You’re lucky this time that it was broken, but what you received was what’s known as a “phishing” message, a scam where the sender tries to trick you into entering your login credentials so that they can hijack your account. Not good!
How does that work? Exactly as you saw with this message: you get an email message that is relatively innocuous and seems legit, a message that requests you jump onto the company’s Web site to get a message, download new software, verify your account, or even claim a prize or award.
Problem is, at that point you go to a site that’s not related to the company — in this case, nothing to do with Skype or eBay — and though it looks quite legit, with the company logo, regular login prompt, etc, it’s bogus, like one of those fake buildings in a Hollywood movie: all front, no building.
Except there is just enough building behind that facade to store your account login and password. Typically at that point they push you back to the real site and you think “weird, I have to log in twice?” and proceed without much more thought. A few hours later, however, the bad guys log in, change your password and, often, your security answer, and you’re effectively locked out while they do whatever they want.
Scary stuff. Important to be cautious! Easiest way to do that? Never click on links within messages: In a case like this, simply log in to the Skype Web site by typing in skype.com, then see if there’s a message in your Skype inbox or not.
Oh, and here’s what the message looked like when I got it:
Seems pretty legitimate! Here’s one thing to notice before clicking on the link, however: if you move your cursor over the link without clicking, a lot of email programs will pop up a message that shows the destination address for that link, like this:
As you can see, it’s most assuredly not “www.skype.com”, which is enough for you to just delete the message and forget about it.
In this case, if you did click, the phishing attempt was lazy and they didn’t get the backend set up in time. Instead, a 404 error message. In Spanish:
The moral of the story? Don’t click on these links! Any time you see a message from any online service, any bank, any financial institution, or even a service like eBay or Gmail, log in to the site directly and look for a notification there, rather than trusting the increasingly unreliable avenue of your inbox.