I recently logged into Skype and received two messages from people who I haven’t spoken to in years. Both messages contained a URL to Baidu with my Skype username at the end. I immediately became suspicious and after a cursory search of Google, I discovered that I wasn’t the only one receiving these messages.
According to a support document published by Claudius, Community Manager at Skype, the accounts sending the messages are most likely compromised. The document offers a list of steps that includes checking your computer for malware, changing passwords, and increasing the security of your Skype account.
Tips to Strengthen the Security of Your Skype Account
Microsoft recently made changes so that Skype, Office, Xbox, and other Microsoft services can be managed with a single account. If you haven’t upgraded your Skype account to a Microsoft account, visit Microsoft’s account page and enter your Skype username and password. You’ll be prompted to upgrade, which can only be done once.
Once upgraded, click on the Security and Privacy settings link. This is where you can change your password, add security information, and enable two-step verification.
It’s important to note that in recent years, there have been major data leaks where the login credentials of millions of people have been exposed to the public. If you use the same password on multiple sites, visit Have I Been Pwned and check to see if your password was leaked. If you see the Oh no — pwned! message, you should update your password immediately.
Create a New Primary Alias
In addition to changing passwords and turning on two-step verification, you should limit the aliases that are allowed to log in to your account. By default, your Skype username is the primary alias. You should change this to an email address or a phone number and disable your Skype username. Allowing only one alias that’s different from your Skype username limits the number of entry points into your account.
Keeping Tabs On Your Skype Account
One of the major benefits of upgrading a Skype account to a Microsoft account is the ability to view recent activity. To view the most recent activity, click the Security and Privacy link and click on the see my recent activity link.
This will inform you of successful and unsuccessful login attempts. Some users who have unwillingly sent spam messages with links to Baidu confirmed through the recent activity page that their login credentials were compromised. In addition to the recent activity page, users are encouraged to enable and create alerts to be notified of suspicious activity.
If you receive messages out of the blue on Skype with links to Baidu or LinkedIn, do not click them. Delete the message, send the user a link to this page, and inform them that their account may be compromised.