01-18-2016, 10:32 AM
I see this all the time, and Kosh is right, this isn't actually "hacking" really, basically an automated system has gotten access to your Skype account through one of any number of means and is botting all over your business.
The reasons for doing this are pretty varied, to try to gain access to more accounts, for monetary gain, or to spread other malware. As Kosheh said, sometimes it's even a company sending out links to their own site, or in some cases people literally pay people to use things like this as an underhanded way of driving traffic. If you ask me the whole thing is pretty dumb, but often we're talking about people who have no real ethics or morals to begin with, and because of their practices legitimate means are beyond their reach.
Change your password and run a scan on your system, odds are your details were nabbed without your knowledge, or even without your interaction entirely, hell, it could just be a system literally guessing login credentials that happened to find yours.
You'd think the odds of that working would be much lower than the reality, all you have to do is flip the problem backwards.
To give you an example, the way people "guess" bank account numbers and PINs, you'd assume they pick an account number and then try every possible PIN from 0000 up to 9999.
That's the stupid way of doing it, instead you pick what's likely to be a reasonably common pin number, say, "1337" for the sake of giggles, and then try random account numbers.
This method is smarter for a couple reasons, but most importantly it means there's no obvious record of one account having the wrong pin entered repeatedly, instead it's lots of accounts having the wrong pin entered once, which nobody is gonna pay any attention to.
In the case of emails and passwords, you do the same, pick a common password like, well, "password" and then cycle through a list of emails you've crawled from the internet.
Provided you know the password rules for the particular system, even the security against brute-forcing doesn't make it any harder. If you know the system needs one capital letter and one number, you know "password" is just gonna be "P4ssword" or "Password1" anyway.
Obviously this is only useful if they don't care which account they get into, and in the majority of cases they really don't, they're not actually targeting you.
I'm a little off-topic I realize, basically all I'm saying is change your password and check your system, but I figured it might be interesting to know how this works in reality, and might help you pick your passwords even better beyond just including a number and a capital letter.
(One of my favourite tricks is to pick a password like "Buy12eggs" and just write it down somewhere, even if someone finds it written down all it says is "buy 12 eggs", and they'll just think hot damn do you love eggs but they don't know your password)
(my password is not "Buy12eggs", just fyi)
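An added example, not part of the original post: the "one wrong guess per account" pattern described above slips past a per-account lockout counter, but shows up when failed logins are grouped by source instead. The addresses, account names, thresholds and events below are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed login events: (timestamp, source IP, account, outcome)."""
    t0 = datetime(2016, 1, 18, 10, 0, 0)
    users = ["alice", "bob", "carol", "dave", "erin", "frank"]
    # One source fails once against each of six accounts, 20 seconds apart.
    events = [(t0 + timedelta(seconds=20 * i), "203.0.113.7", u, "fail")
              for i, u in enumerate(users)]
    # An ordinary user mistypes a password three times, then gets in.
    events += [(t0 + timedelta(seconds=5 * i), "198.51.100.20", "bob", "fail")
               for i in range(3)]
    events.append((t0 + timedelta(seconds=20), "198.51.100.20", "bob", "ok"))
    return sorted(events)

def locked_accounts(events, threshold=5):
    """Classic per-account lockout: N failures against the same account."""
    fails = defaultdict(int)
    for _, _, account, outcome in events:
        if outcome == "fail":
            fails[account] += 1
    return {a for a, n in fails.items() if n >= threshold}

def spray_sources(events, window=timedelta(minutes=10), min_accounts=5):
    """Flag sources whose failures hit many distinct accounts inside one window."""
    fails = defaultdict(list)
    for ts, src, account, outcome in events:
        if outcome == "fail":
            fails[src].append((ts, account))
    flagged = {}
    for src, rows in fails.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            distinct = {a for _, a in rows[start:end + 1]}
            if len(distinct) >= min_accounts:
                flagged[src] = max(flagged.get(src, 0), len(distinct))
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("locked accounts:", locked_accounts(sample))
    print("spray sources:", spray_sources(sample))
```

The per-account counter locks nothing here, while the per-source view flags the one address that touched six accounts. Real traffic behind shared NAT or a proxy needs a higher `min_accounts` to avoid flagging legitimate users.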