Skype Hackers

[Koh]

Be on the lookout for Skype Hackers.  Mine was just hacked overnnight and they sent everyone in my contact list a link, which can't lead to anything good. If you've received a link from me overnight, don't click it!  I've already responded with what happened.  But change your passwords if you feel the need for extra security.

[Kosheh]

welcome to skype. and the grim caveats of instant messaging: it spreads bad news faster than email.

thanks for posting a warning to us, though! we'll keep a lookout.

not to be an asshole here but what they're doing isn't really hacking. it's like calling us hackers when some of us just printscreen games and clean it up.
(actually im just discrediting them, by telling everyone how it starts. doing this will probably make it easier to avoid it in the future)

see, one guy makes a fake login page (this is "phishing" - they're setting up "bait" for less savvy people to take) or sometimes a script that downloads and installs a keylogger (which tracks every key you hit...I guess this could be considered "hacking") and he's an asshole. [fun fact: sometimes this is a COMPANY, and they'll monetize off each one! THAT'S spooky]
he unleashes this on a dummy account to a list of emails he's collected (he'll usually download it off of a torrent site or pay someone to give it to him) and relies on the "trust" of the victim's friends to spread the "word"...which in turn kinda jades your trust in the friend. but really, it's not his trust, it's his proficiency with computers. lmao. in turn it's like a game of "telephone" except your computer gets dumb

and it...kinda happens often as you see. usually, I'd do this in the past back in the days of AIM but I'd have ridiculously strong antiviruses that go off and freak me the heck out, so after the spooky antivirus warnings I kinda realized that it was maybe time to stop clicking them.

but yeah, as a warning to everyone: if you're suspicious of a link your friend just sent you, just don't click it. feel free to tell your friend they were probably phished, and they'll probably message you the next day to apologize (which, don't let it kill your friendship - it won't. but just give your friend some pointers on how maybe to avoid it next time) if your antivirus has a web or messaging filter, feel free to enable it, too.
if it happens, go ham and start running antiviruses everywhere and once they finish change your any account passwords ASAP.

[PatientZero]

I see this all the time, and Kosh is right, this isn't actually "hacking" really, basically an automated system has gotten access to your Skype account through one of any number of means and is botting all over your business.
The reasons for doing this are pretty varied, to try to gain access to more accounts, for monetary gain, or to spread other malware. as Kosheh said sometimes it's even a company sending out links to their own site, or in some cases people literally pay people to use things like this as an underhanded way of driving traffic. If you ask me the whole things is pretty dumb, but often we're talking about people who have no real ethics or morals to begin with, and because of their practices legitimate means are beyond their reach.

Change your password and run a scan on your system, odds are your details were nabbed without your knowledge, or even without your interaction entirely, hell, it could just be a system literally guessing login credentials that happened to find yours.
You'd think the odds of that working would be much lower than the reality, all you have to do is flip the problem backwards.

To give you an example, the way people "guess" bank accounts numbers and pins, you'd assume they pick an account number and then try every possible pin number from 0000 up to 9999.
That's the stupid way of doing it, instead you pick what's likely to be a reasonably common pin number, say, "1337" for the sake of giggles, and then try random account numbers.
This method is smarter for a couple reasons, but most importantly it means there's no obvious record of one account having the wrong pin entered repeatedly, instead it's lots of accounts having the wrong pin entered once, which nobody is gonna pay any attention to.

In the case of emails and passwords, you do the same, pick a common password like, well, "password" and then cycle through a list of emails you've crawled from the internet.
Provided you know the password rules for the particular system, even the security against brute-forcing doesn't make it any harder. If you know the system needs one capital letter and one number, you know "password" is just gonna be "P4ssword" or "Password1" anyway.

Obviously this is only useful if they don't care which account they get into, and in the majority of cases they really don't, they're not actually targeting you.
I'm a little off-topic I realize, basically all I'm saying is change your password and check your system, but I figured it might be interesting to know how this works in reality, and might help you pick your passwords even better beyond just including a number and a capital letter.

(One of my favourite tricks is to pick a password like "Buy12eggs" and just write it down somewhere, even if someone finds it written down all it says is "buy 12 eggs", and they'll just think hot damn do you love eggs but they don't know your password)

(my password is not "Buy12eggs", just fyi)

[DarkGrievous7145]

yah... damn hackers

i don't presently know the condition/status of my account...

i think it's fine.
i'll email some of my contacts and ask if fishy shit's been happening

[Kosheh]

...did you read any of the posts in this topic? or just scrolled down so you could be all "aarg down with hackers, down with the establishment" ??? ???

btw I think at least gmail? and a few other email services let you check where you last signed in (and gmail has a history of your sign-in whereabouts) so if you've got a recent random sign-in from Shenzen or Moscow there's probably "fishy shit" going on with your account and you should probably consider taking some precautions then.

[DarkGrievous7145]

I read them, but seeing as 90% of the time I post anything on this site, especially a text wall, it is automatically questioned or has a negative effect on my reputation despite me trying to help/explain or figure things out, i refrained from, and shall continue to refrain from, doing that.

FYI, I play the tl;dr card quite rarely, unlike most people on the internet.

Think that is everything I needed to say.

[Maxpphire]

A lot of the times for password I'll pick a phrase and replace what I can with numbers and/or symbols (But not all of them) and always capitalize proper nouns

An Example:
The phrase "I love Simon, he is the best Belmont and sure is a Vampire Killer" becomes 1lShit8B&s1@VK

Also this isn't my password, but it's hella encrypted and means something to you but to no one else. They tend to get to be very hard to guess.