Skype has been a serious victim of many cyberattacks over the years, and one thing is for certain – it’s getting worse. With the SolarWinds attacks on Microsoft, many people have reported that their Microsoft accounts have been hacked – the problem? Many people don’t even realize it. However, many small businesses, entrepreneurs, and even medium-sized businesses utilize Skype to interview people and for professional reasons.

With the Skype apps on phones and other mobile devices – even for business devices, many people’s contacts are in jeopardy. And what’s worse, it often results in the user being hacked as well. So how can you tell whether or not your account has been hacked? And how are you supposed to fix it if you’ve been hacked?

 

How Do You Know if You’ve Been Hacked?

This woman has just found out she's been hacked.

Nobody wants to find out that something they’ve done has caused their computer or even their network to be hacked. But putting off the inevitable will only make things worse. Report any suspicious activity to your IT personnel immediately.

Of course, we’ve given numerous bits of information in our posts on detecting cyberattacks, but this one’s a fascinating method. Many users are noticing that suddenly, people’s contacts are being added to their Skype contacts for no reason at all. This could include family members, friends, mobile contacts, and more. On another note, some people have even had local people in their area show up on their contacts – only to find out that they’re deceased and that they’ve never contacted them.

 

So how are these people being added? Well, contradictory to many people’s beliefs, there have been numerous posts out there that point out security flaws because Skype would automatically add “recommended” contacts from mobile devices, email lists, and much more.

 

What makes it worse, though, is that many of these aren’t even legitimate contact additions. Other account users have had people show up that they’ve never even heard of. Business users are often targeted first in these cyberattacks, but it’s even going so far as to exploit their contacts and personal accounts these days.

 

What to Do if You Suspect Fraudulent Activity on Your Account

The first thing your IT team will tell you to do once you've been a breach victim is to change all your passwords.

This woman has just found out that her account has been breached. What should she do first?

First off, you want to change your passwords for everything. That’s the standard rule if you’re suspecting fraudulent activities. Once that’s done, you need to look deep into the contacts and see if anything looks suspicious You then want to do the following:

 

1.    Remove ANY Bots

Removing any bots you find especially the Portelbot will increase your chances of surviving such an attack.

Removing any bots, especially any malicious bots, will increase your chances of surviving such an attack.

Skype comes with support bots and more. You probably won’t see this on the main contacts page, so you’ll have to view ALL Contacts. However, in the past year, since Microsoft was a part of the big data breach, it’s advisable to remove all of “Skype’s” bots. They have access to all of your credentials and can spy on your conversations, get your contacts, and more.

See also  What Is BDR Security and Why Is It Vital for Your Data?

 

Another one that has been found is the “Portelbot.” This strange bot has almost no English documentation – a sure sign of possible hijacking from other countries. Block all of these bots, report abuse activity on every one of them, and then delete them (sometimes Skype will automatically do so once they’re reported).

 

2.    Check Contact Accounts IP Addresses for Location

The Skype IP Resolver is an excellent tool that will help keep you safe. 

The Skype IP Resolver is an excellent tool that will help keep you safe.

It would be best if you viewed the profile of EVERY contact you have on Skype, or you can log into your Microsoft and download a CSV (comma-separated value) spreadsheet that shows you all of your contacts that have been added. Once this is done, you may see that many of these are added when you didn’t add them yourself. You need to find out their usernames and then check the IP addresses. Where you check these is equally important because you need to find out the last location that utilized that IP address. Therefore, a regular WHOIS IP search isn’t going to work.

Run every name individually into a Skype Name Resolver – http://www.skypeipresolver.net/skypedb.php is a good one. You enter the username, and a captcha code, click submit and scroll down to the bottom of the page to see their IP.

Another useful tool in cracking down on fake IP address spoofers is AbuseIPDB.

Another useful tool in cracking down on fake IP address spoofers is AbuseIPDB.

Copy that IP address and paste it into the AbuseIP Database – https://www.abuseipdb.com/ you may be surprised to see many IPs used in other countries. Mark these users as compromised.

 

3.    Block the Contacts and Remove Them

You definitely don't want any of these malicious contacts getting through to get the sack. So block and remove everyone until it's safe to re-add them.

You definitely don’t want any of these malicious contacts getting through to get the sack. So block and remove everyone until it’s safe to re-add them.

You can always add these contacts later if they’re close family or friends. However, right now, you need to treat them as a threat. Block the accounts, report for abuse, and delete the contacts.

 

4.    Alert ANYONE who has been breached by your data breach.

The next crucial thing you need to do is to let anybody know that may have been affected by the breach know that they might possibly breached as well. You can email or call them, but make sure you do it quickly and that they understand the seriousness of the problem.

The next crucial thing you need to do is to let anybody know that they may have been affected by the breach and know that they might be breached as well. You can email or call them, but make sure you do it quickly and that they understand the seriousness of the problem.

Finally, even though you were a victim of hijacking, you need to let people know. Therefore, get ahold of these family members by phone, social media, or whatever method you can and let them know that your account was hacked, and according to your research, theirs was too.

 

Conclusion

 

Since Skype is used a lot for business, you must work hard to increase your cybersecurity – especially if you’re a small business. Hiring a locally owned IT company can help increase your chances of being protected against fraudulent activity like this and make sure that nothing worse has occurred. Stay safe in the digital world – it’s only getting worse in 2021!