There have already been reports of an evil IM campaign infecting machines with the Dorkbot worm, and sightings of fake Skype password change notification emails, but apparently cybercrooks weren’t willing to stop there.
Just to make sure they catch as many Skype users off-guard as possible, spammers have begun sending out bogus Skype voicemail notices too.
At first glance, the emails will appear authentic – spoofed headers, Skype logo, pretty blue text, and no obvious grammar mistakes.
Unlike the Skype password spam, which used a malicious file attachment as its attack method, the fraudulent Skype voicemail messages use tainted links that will take the user to a third-party website rigged with drive-by-downloads.
Subject: You have a new voicemail
From: Skype (firstname.lastname@example.org)
This is an automated email, please don’t reply.
You have a new voicemail
Sign in to Skype to listen to the message.
If you no longer want to receive email alerts about new voicemails, unsubscribe now.
The people at Skype
Therefore, if you happen to receive an email claiming that you have a new Skype voicemail, we strongly urge you to take a moment to mouseover email links to make sure they actually point to Skype domain before clicking on them. Otherwise, you could be headed right into a cyber-trap!
[via GFI ]