Skype ignores PayPal siphoning hijack scheme

One day last month, when Klaus Zimmerman tried to log into his Skype account, he got an error message indicating his username and password didn't match. Concerned something was awry, Zimmerman, a computer repairman living in Wexford County, Ireland, phoned his brother and asked him to check his online status. "I saw you on …

COMMENTS

This topic is closed for new posts.
  1. Solomon Grundy

    I Don't Get It...

    Some guy is complaining because he can't Spam his previous ebay buyers, and everyone else is complaining that their crappy phone service isn't treating them right?

    Why is any of this a surprise? It's an ebay company - which means that corporate policy prevents any sort of meaningful help or contact. Hell, even ebay admitted the product sucked and was sorry they bought it. Why would users/customers expect something good?

  2. David Spencer

    Well, that's it for Skype for me!

    I've been considering some kind of VOIP for a while. Looks like I better wipe Skype off that list.

  3. zonky
    Paris Hilton

    Don't drop the matter.

    Chargeback to paypal for an unauthorised transaction.

    Paris, because she also lets things drop.

  4. Karl Rasmusson

    Who owns Skype & PayPal?

    Look at the owner of the 2 companies for the reason why they do nothing and don't respond.

    It's the typical eBay response... do nothing and say nothing...

  5. Anonymous Coward

    ffs

    "Skype users should consider reconfiguring their account so it's no longer possible to automatically debit money from PayPal accounts or credit cards"

    earth to skype, paypal & ebay users: the internet is a snake pit.

  6. Anonymous Coward

    @ David Spencer

    If you're in the UK try voiptalk.org, customer support second to none.

  7. Jason Harvey
    Stop

    Paypal has been/is/always will be broken

    this is why charge backs via the credit card company are usually the only remedy. And possibly charging them with credit fraud, but then you're out the litigation charges.

    Use the free services... get a real phone line for real phone calls. Dump any direct access from paypal to any/all accounts if not just dumping paypal altogether. like someone else already posted... the net is a snake pit (re: thieves den) and you will get bitten even if you're being careful.

  8. Anonymous Coward

    "I'm fairly IT savvy"

    wouldn't it be high sarcasm if he was on windows and he said that :)

    Gosh, I don't know how they got in I run a firewall and everything :)

    I am sure he is using a grown up OS though, couldn't make that comment with a straight face unless he was.

  9. Solomon Grundy
    Linux

    re:"I'm fairly IT savvy"

    What the hell are you blathering on about man? Your open source OS and browser seem to have led you astray... no one has said anything remotely related to your comment.

  10. Sarev
    Happy

    @ Solomon Grundy

    Well, no one apart from the guy in the article who said "I'm fairly IT savvy".

  11. TeeCee Gold badge

    @Rick Axon Re: @ David Spencer

    Seconded. Been using 'em for years. I think they invented "helpful".

  12. Nigel Wright

    It's worse than that Jim...

    If you have a really obfuscated and long password then Skype won't accept it.

  13. DavidAtkinson

    Buffer overflow

    I had a hardware skype phone. A few months ago I started getting instant messages that made it crash. Could that be the vector?

    I also wonder how the sender got my skype username - it was a random string of characters, not listed in the directory, and only ever used for SkypeOut.

    I switched to SipGate through the built in VOIP client on my mobile.

  14. Bronek Kozicki
    Coat

    @AC 01:01

    yeah, right, and have someone take over your box because of broken SSL package, or maybe via trojan. The belief that there is secure OS out there is fundamentally flawed; any OS is only as secure as the user is smart.

  15. Dr Patrick J R Harkin

    Ah, yes, the three great lies...

    1. The cheque is in the post

    2. Of course I'll respect you in the morning

    3. I'm fairly IT savvy

  16. Anonymous Coward
    Paris Hilton

    @Grundy

    No he doesn't, no mention of what OS he is using at all.

    Ebay suck, it does not matter what OS you are using, they robbed me two years back, took a LARGE payment from my Debit card when I had paid by Credit Card and left me with nearly £100 in bank charges.

    Their excuse was, I had registered my Debit Card first, so that was what they would use; even though I entered my Credit card details and had an email receipt confirming the Credit card's last 4 digits; so much for being able to register multiple cards.

    No apology, no refund, and if I took it to the bank the only person to suffer would have been the seller.

    Paris, cos I like it when she sucks.

    Not used Ebay or Paypal since, and stopped using Skype when Ebay bought it.

  17. Dave
    Alert

    @Linux tossers

    Considering there is no information as to how this has transpired, don't you think you're jumping the gun here? I know you need to tell everyone how superior your intellect is because you use a 1970's command prompt 50% of the time (OH THE POWER OF THE COMMAND PROMPT) but until the cause is directed at Windows (which it probably won't be) then quit pushing your little Linux agendas.

  18. Ewan

    I had a very similar experience

    A few months ago I received an email from Paypal saying my account had been debited, then another, then another, all with reference to my Skype account.

    I immediately tried to login to Skype but got an invalid password message, so I emailed both Skype and Paypal. Paypal responded pretty quickly with a dismissive email, and Skype ignored me.

    Since my account was still open for abuse by the scammer, I figured the only option for me was to cancel the account in Paypal and call my bank, who immediately cancelled the credit card.

    After about 4 days, Skype finally responded to one of my pleading emails, saying they had reset the password for me but that any fraud was nothing to do with them. I logged in to find my call history consisted of calling a premium number abroad.

    About 3 months after the event, my bank contacted me to say Skype had agreed that the transactions had been fraudulent after all, and my money would be refunded.

    Avoid Skype like the plague, they're the worst company I've ever dealt with for customer service.

    Most premium number scams would be pretty simple for Skype to block, simply don't allow any calls to a set of blacklisted numbers, and look for unusual calling patterns to new numbers generating large charges, but they're obviously not interested in helping their customers.

  19. Steven
    Thumb Down

    Doesn't surprise me one bit...

    eBay & Co are awful for customer support and always blame the user.

    My eBay account was hijacked and customer services basically said my password was too weak or I clicked a phishing email and that it must be my fault...

    Not being funny but I delete any email from ebay because it's always spam. I'm behind a proxy server, hardware firewall and Kaspersky AV. I only use my account on my home machine, I have SSL encrypted email set to use plain text only, use different addresses for different things eg ebay@ paypal@ etc and my password at the time (now changed obviously) was R%£mw(n^8I9 How in God's green earth is that an easy to crack password eBay????

    This whole thing with Skype sounds very similar, think eBay & Co need to stop blaming other people and take a serious look at their [lack of] security.

  20. Daniel Garcia
    Black Helicopters

    hacked

    this smells like someone knows to hack easily skype, skype knows it and playing "let's bury our heads on the sand"

  21. FathomsDown
    Pirate

    I'm an ex-Skyper

    About 18 months ago I moved away from Skype after they cancelled my Skypein number with almost no notice.

    I'm now using another VOIP provider, I don't need to keep a PC on all day, it costs much less for outgoing calls (and it's still free for VOIP to VOIP calls) and the call quality is much higher.

    Skype was good in its day but the other providers have caught up fast and now offer a better service IMHO.

  22. Craig

    Recurring Paypal

    There have been enough incidents now with Paypal, eBay, etc. that anyone who uses anything that allows auto-charging via Paypal is either startlingly naive or simply stupid. To make it worse, some people who read sites like this STILL do it.

    I have a hardware Skype phone (the Netgear one) for the wife to phone her friends and family who are abroad. She calls one elderly relative using Skype-out but this has a manual credit update where I refuse to store card details on the Skype account and have to re-enter them every time I want to add £10. If someone hacks this account, the best they'll get is about £10.

    As said above, t'internet is full of bad guys. Work on the assumption that regardless of how good you are at this IT lark, you will get ripped-off eventually and plan accordingly.

  23. Dale Richards
    Unhappy

    Conned here

    Well not me, but my girlfriend. One day she received notification that about £95 had been debited from her PayPal account and credited to Skype. That was odd, because she's never even had a Skype account. Does this make it more of a PayPal problem?

    To be fair to PayPal, she did eventually get the money returned.

  24. BlueGreen

    @FathomsDown et al

    What provider do you now use? What can others recommend (besides voiptalk already mentioned)?

  25. Anonymous Coward
    Boffin

    Neither Skype nor Paypal have an incentive to fix this quickly

    They make money on the transactions.

  26. Richard
    Flame

    Worth a try.....

    Paypal are now a bank, regulated in Luxembourg. The regulator is Commission de Surveillance du Secteur Financier.

    See their website, in particular the complaints procedure at

    http://www.cssf.lu/index.php?id=75&L=1

    Dunno what would happen if they got inundated with complaints about paypal?

  27. Krystan Honour
    Pirate

    Something similar

    Happened to me recently.

    I got an email stating that there had been a paypal transaction to skype, I tried to log in to my skype account and found that I could!!

    There were no records of credits or calls so I spoke to paypal, who agreed that this was odd and also decided that my account had been accessed not by myself.

    The amount was credited back to my credit card within 4 days.

    I changed all security on my account etc, I still have, and never had had my paypal linked to skype.

  28. Steve Evans
    Thumb Up

    I'm using Sipgate

    Absolutely superb, no problems, excellent service, etc. Highly recommended

  29. Jon

    I see!

    THAT's why I had an attempt to remove skype funds from my paypal account about 2 months ago. I was then locked out of Paypal until I reset my details - they still won't let me do bank debits - and when they unlocked my account there was a mandate to pay agreement thing still left - I deleted that pretty quick! So I guess they might have hacked my skype account initially.

    Thanks for bringing this to my attention guys!

  30. Mike

    attempted transfer of funds from PP a/c to another Skype user

    I discovered that two (unsuccessful) attempts were made to transfer funds from my PayPal account to someone else's Skype account. Why they were thwarted is not clear. There are two withdrawals and two refunds in my PP statement. Needless to say, both PP and Skype have been totally unhelpful, though they have told me that my account was compromised in some way. BTW, I have no arrangement set up to transfer funds from PP to Skype in my own name.

    I have certainly not been phished and there is no malware on my computer. I have changed my passwords at Skype and PP to be on the safe side.

    It is, of course, always a good idea to use strong passwords and different passwords on related accounts - although the attached account suggests that someone has found a way round this.

    Be careful out there in cyberspace.

  31. Mike
    Unhappy

    attempted transfer of funds from PP a/c to another Skype user

    I discovered that two (unsuccessful) attempts were made to transfer funds from my PayPal account to someone else's Skype account. Why they were thwarted is not clear. There are two withdrawals and two refunds in my PP statement. Needless to say, both PP and Skype have been totally unhelpful, though they have told me that my account was compromised in some way. BTW, I have no arrangement set up to transfer funds from PP to Skype in my own name.

    I have certainly not been phished and there is no malware on my computer. I have changed my passwords at Skype and PP to be on the safe side.

    It is, of course, always a good idea to use strong passwords and different passwords on related accounts - although the article suggests that someone has found a way round this.

    Be careful out there in cyberspace.

  32. Steve

    Maybe

    Skype is a p2p setup, almost everyone using it effectively volunteers their computer to be used as a forwarder, so catching Skype traffic can't be difficult.

    It may be encrypted, but is there any chance they use SSL keys generated on a Debian system... ?

  33. Anonymous Coward

    @ Ian Emery

    Happened to me too.

  34. Anonymous Coward

    @Mr I don't read the articles, but pore over the comments - Solomon Grundy

    Well that is it really :)

    And someone beat me to it, but hey.

    Just to clarify, it looks like the compromise may have been done using keyboard loggers or some form of client side intrusion; they got the passwords and just flipped control of the accounts to themselves.

    If there is no break in on the server side, then it looks like the clients may have been compromised.

    That's the point I was hinting at.

  35. Scott

    A More Productive Approach

    It would be far more news-worthy for the editors of "El Reg" to seek out anyone who has had an email responded to by Ebay or one of its minions. There won't be many, if any, found.

    I have received many emails that appeared to be from PayPal or Ebay. None were genuine and neither PayPal or Ebay were the least bit concerned. It wasn't going to cost them a cent even if I had responded to the scams.

    Why anyone would allow automatic debiting to take place without per-transaction pre-approval baffles me. The companies involved will work hard to see that they get their money. Those same companies will do as little as possible to protect the funds of others. The bare minimum the law requires, and that only if forced.

    Slamming has a long history in the telephone industry. It is easy for the companies to do, often goes unnoticed for at least a few billing cycles, and when noticed it is your word against their "records". A huge money maker.

    A pox on all their houses.

  36. Joe Montana
    Flame

    Avoid skype like the plague

    I never saw the attraction of skype...

    A proprietary protocol that only works with a single service, requires you to use their crappy software, and does it have any third party device support?

    I've always stuck with providers that use the standard SIP protocol, there are tons out there with different rates and different levels of support.

    Because the protocol is standard, you can choose your provider based on the best rates to the destinations you call, and switch at will.

    You do have to choose inbound numbers a bit more carefully, since changing those is more hassle - ie having to tell everyone who calls you the new number, number portability would be good here. On the other hand, you can get a small voip router with an analogue port, and connect it to your regular phone service (which you have anyway if you use dsl, and it costs you nothing extra to receive calls on it).

    You also get a choice of devices, there are tons of software phones with various features, a large number of hardware phones, adapters to convert analogue phones to sip devices and some cellphones have wifi and sip clients built in these days (eg nokia n95), so you don't need to keep a noisy computer running, and with something like an n95 you can access your sip service wherever you have wifi (or potentially 3g cellular).

  37. DaveJ

    I use Raketu

    There are many issues with Skype and PayPal. Not only does Skype have these issues, but Skype is also based on p2p using supernodes - supernodes allow other users' communications to be relayed through your computer, and you don't even know it's going on. This opens up your computer to serious security issues. PayPal is just notoriously bad, but even Raketu uses PayPal, and Google and MoneyBookers for payments (at least a choice). Raketu has their own p2p without supernodes, and uses SIP for dialin, dialout. I hear they are releasing their dialin next week and the ability to attach any third party SIP client to their network - finally. You can make calls from mobiles, laptops, and they just released a webphone for dialout calling without a download. Great service, great rates, great support and no billing problems.

  38. rick buck
    IT Angle

    Nside Network Work

    I understand some of the credit card thefts in the recent past is/was being carried out by gangs that have infiltrated the Networking Environment, and therefore have access to network racks and can capture and monitor "inside the network", so if it is not encrypted, they can read and capture it all.

    IT> Nobody said you had to be smart...just conniving.

  39. Sly

    Use AIM Call Out

    If you're fed up with Skype try AIM Call Out. I've used Skype before they were bought by ebay, but since they've been bought out they've become like every other e-bay company. Bad service and more expensive.

    Recently I've started using AIM Call Out. Their rates are better than Skype's plus you don't always have to have your headset and mic if you use their web connect feature (connects 2 phones directly). They recently added SIP support as well.

  40. Paul Stimpson
    Pirate

    Paypal protection

    I recently received some good advice never to use debit cards with a Paypal account. In the UK the Consumer Credit Act protects you if you use a credit card and your card company must refund any fraudulent transactions. Debit cards do not enjoy this protection and if your PayPal account or something linked to it gets compromised and your debit card gets raped the cash has already gone, your bank does not have to refund you and your only remedy is to try and get the money back from whoever took it.
