New Skype scam uses chat bots: Fake webcam girls want your credit card information

skype-scam-fake-webcam-girls-preview

skype-scam-fake-webcam-girls-blog-banner

Have you ever received a contact request on Skype from someone you don’t know? This may happen from time to time, particularly if your Skype name is publically searchable.

But what is really behind these contact requests and why do people bother? To find that out we played along and the following conversation ensued:

skype scam 1

At first sight it appears to be someone looking for companion. But the dialogue is suspiciously general, questions are never really answered and the responses don’t allow for a meaningful discussion of any kind. When asking “Are you a bot” the invariable answer is “lol no i’m not a bot silly.”

The contact in our example has listed their birthdate as 1980, but claims to be 25 years old. That doesn’t add up either and when we ask about it, the question is completely ignored.

All this makes it obvious that instead of chatting with a real person we are in fact dealing with a chat bot. And this begs the question, why would a chat bot be interested in a human companion? Surely not for an engaging conversation… The answer to that question becomes clear when we look at the link the helpful Eva sent us when she offered her “free passes”. We are asked to sign up to what appears to be an X-rated video chat site:

skype scam 2

It looks like our Eva is in fact Nancy, but who cares about such minor details when it appears we have a free date? Lets move on to the registration:

This looks like a standard registration form, so lets complete it and click Continue:

Now wait a second, our credit card information is required and that’s not what we had agreed to. Why would we need to provide payment details if “today’s charge is $0.00” anyway? There goes our free date and at the same time this reveals the true aim of this scam: credit card fraud.

“Safe Secure Encrypted” sounds good, but unfortunately we are not convinced of the accuracy of this statement. The site doesn’t even use the HTTP secure protocol (which would give the URL the “https://…” prefix), so our dating adventure ends here.

Its all about the money

While chat bots may have a legitimate purpose (such as leaving an automated message when you are offline), that isn’t the case here. The only purpose of chat bots like the one we encountered, is to trick people into signing up and submitting their credit card details insecurely. Whoever gains access to the requested information (name, card number, CVC/CVV code and so on) can use your credit card on the internet for whatever they want. That’s a chilling thought, as scammers won’t waste any time in getting their hands on your money.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

If you have become the victim of a (suspected) credit card scam, it is recommended that you contact your credit card provider (bank or financial institution) as soon as possible. They can block your card immediately and will tell you what steps you need to undertake to regain access to it.

Elise

Elise

Malware analyst. I've always been interested in computers, especially anything (anti-)malware related and am usually the go-to computer person for everyone who knows me. The first virus I encountered was on DOS when I was 12 years old. The fact that our AV back then could "magically" make it go away sparked my interest.

What to read next