Skype is one of the most widely used (and wildly popular) Voice over IP (VoIP) software applications used on the Internet, so phishers occasionally attempt to profit from its popularity. And today is no different.

The Trend Micro Content Security Team discovered an active Skype phishing page, and as can be seen in the screen capture below (Figure 1), potential victims are asked to enter their Skype login credentials, such as user name and password.

Figure 1. Screenshot of bogus Skype phishing page

After entering the required information, users are then directed to a spoofed security check page (see Figure 2) that asks the user to enter their “other personal data” including credit card number, credit card expiration date, name of the card holder, CVC (card verification code), and billing address.

Clicking on the Update button leads potential victims to the legitimate Skype page.

Figure 2. Screenshot of bogus security check page

Although Skype had been in security news in the past for criminal attempts to capitalize on its popularity, this is the first time we have encountered an active phishing page that basically “clones” the entire Skype Web site.

However, cautious visitors, especially those with free accounts, may soon realize that there would be no legitimate need to give out their credit card information just to be able to use Skype.

Skype subscribers with paid accounts, however, may be more at risk, since they may agree to provide their account information in relation to account maintenance.

The spoofed site is already blocked by Trend Micro Smart Protection Network.

Related Posts:

Olympic tickets, anyone? They are available on the Internet of course, but users beware: the bad guys are still working hard to steal from online users as the 2008 Beijing Olympics approaches.

Trend Micro Senior Advanced Threats Researcher Paul Ferguson discovered a fake Beijing Olympics Web site supposedly selling tickets. The Los Angeles Times reports that Olympics officials have already asked federal courts to shut down certain Web sites that pose as sellers of tickets but are actually stealing credit card numbers and other confidential information.

Figure 1. Home page of Olympic ticket-selling phishing site

The TrendLabs Content Security Team tried to verify the phishing site. The Web site hxxp://www.{BLOCKED}gticketing.com asks users to register before buying tickets.

Figure 2. Users are asked to register for an account.

Filling out the form is already questionable because some confidential information are required in the registration. We tried to enter bogus delivery address and phone numbers and the site accepted all the information, regardless of the validity of the information we entered. This shows that the supposed ticket sellers don’t intend to deliver the tickets after payment.

After registering, the user now can sign in to buy tickets.

Figure 3. Users are asked to sign in using the registered information.

The site then asks for credit card numbers and CW2 numbers after a user has chosen which ticket to purchase.

Figure 4. Users are then asked to choose which events to buy tickets to.

Figure 5. Users are asked to provide payment information.

There are already hundreds of victims who lost large amounts of money to this site, according to a report by the Los Angeles Times. The said Web site is already blocked by Trend Micro Smart Protection Network.