UPDATE: I've updated the post with a second Skype call I received on 1/17.
Scammers are always trying new ways to reach their targets to foil them into
buying free software, sending
credit card information, etc. Yesterday, they called me directly at home!
I was working on my computer when I got a Skype call from an unknown caller with a Skype ID of "
NOTIFICATION® URGENT - WWW.SWNOW.COM - UPGRADE INSTRUCTIONS". The automated call explained that my "software protections" were disabled and I had to urgently go to
www.swnow.com (spelled out in the call). I could not record the call, but it was very similar to what you hear when you visit
hxxp://www.swnow.com/.
 |
| Skype call from a scammer |
The call does not give any information about who is calling or what this "software protection" is supposed to be. It lasted 1 min. 50 secs. and basically just urged me to visit
www.swnow.com.
 |
| Skype call information |
When visited,
hxxp://www.swnow.com/ displays a fake antivirus page. It looks different than the
Fake AV sites that use
Blackhat spam SEO to reach users. Of course, the site purports that numerous viruses are found on your computer...
 |
| Fake AV claim to have found viruses |
The website is trying to sell the antivirus solution, rather than trying to get user's to install malware disguised as a free AV program. The website is well designed. The button "Activate Computer Protections" shows an "activation" form..
 |
| Check out form |
Then, the website gathers some personal information (name, e-mail address, etc.) via the "activation" form.
 |
| Information gathering |
Finally, the user is sent to a different website,
securecheckouts.org, to process the payment.
 |
| Payment processing form |
Looking at the HTML code, the page only contains an iframe, pointing to
hxxp://www.liveadmin.com/affiliates.php?affil104, where the payment form is actually hosted.
 |
| HTML source of securecheckouts.org |
There have been a steady rise of websites trying to resell free software (
AVG and other antivirus, OpenOffice, P2P clients, etc.) or deliver
fake stores that claim to offer software at deep discounts, etc. However, this was the first time that I've encountered a Skype call being used to push users to visit a fake store.
Second call
I received a similar Skype call on 11/17. I was urged to visit
www.msgmf.com to protect my computer. Te website is similar to
www.swnow.com. It tricks users into paying $19.95 through
click2sell.eu for an antivirus.
 |
| Second Skype call spam |
 |
| Fake antivirus on www.msgmf.com |
 |
| Antivirus "activation" page |
 |
| Payment form on click2sell.eu |
-- Julien
