A Skype scam bot attempted to lure our CEO. This is what happened.

  • March 8, 2016
  • 2 min read

Skype scams have been around for ages. With technology constantly evolving, one would think that chat bots get a little more convincing too. As it so happens I recently got a contact request from a nice young lady that had something very special to offer.

I thought, OK, let’s play it through once and take some screenshots of the conversation:

 

Complete chat dialog with a scam-chatbot on Skype

Complete chat dialog with a scam-chatbot on Skype

 

This is how it works

Obviously, Katrina Kauffman is not a real woman (or even a man), but an automated program. At this point it is unclear if the bot hijacked someone’s personal Skype account by hacking their password or if the user account was just created to fool people.

The only purpose of the bot is to convince people to provide their credit card information on a fraudulent website. The shorturl leads to a fake adult entertainment website where you are supposed to sign up to see more.

Scammer website that tries to steal your credit card information

Scammer website that tries to steal your credit card information

 

Example 2

Just a few weeks later I have received another contact request from a lady called “dear.churchill”. It was obviously a scam bot too and looked like it was made by the same people that were behind the first one. The only ‘improvement’ I could notice was that the new version also had a proper profile image set.

The full Skype scam conversation with a bot-script.

The full Skype scam conversation with a bot-script.

 

This poor girl maybe doesn't even know that her pictures are mis-used for scamming

This poor girl maybe doesn’t even know that her pictures are mis-used for scamming

 

Of course, this website requires your credit card detaily ONLY for age verification. Who still believes that?

Of course, this website requires your credit card detaily ONLY for age verification. Who still believes that?

 

How to recognize a scam-chat-bot?

  1. Ask any question. In the case above, the bot ignored what I was writing or asking and just kept sending me messages, trying to convince me to sign up and pay.
  2. Watch for behavior patterns. This bot didn’t just run a series of plain messages. It always waited for me to say something first, then posted a message back after exactly 30 seconds. When I paused, the bot paused too. When I typed more, the bot replied more.

What to do now?

If you think you have already fallen for a (suspected) Skype or credit card scam, contact your bank or credit card provider as soon as possible and ask them to cancel your card immediately. Otherwise scammers could use your credit card for purchasing goods on the Internet (or worse) and you’ll end up with a pile of debt – or even be at risk of criminal conviction.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

 

Emsi

Emsi

Emsisoft founder and managing director. In 1998 when I was 16, a so called 'friend' sent me a file via ICQ that unexpectedly opened my CD-ROM drive, which gave me a big scare. It marked the start of my journey to fight trojans and other malware. My story

What to read next