WARNING: Skype HACKED

Posted in General Discussion, edited January 2014
I just got some strange activity today. Someone (Skype or hackers) keeps trying to set up auto recharge.



Then suddenly I have "Skype Manager" with some unknowns popping up on my list allocated $$$$



CHANGE YOUR SKYPE PASSWORD IMMEDIATELY.

Comments

  • Reply 1 of 5
    nvidia2008 Posts: 9,262 member
    100 Euros charged fraudulently to my card. Allocated to some unknown "members" through Skype Manager.
  • Reply 2 of 5
    nvidia2008 Posts: 9,262 member
    Okay guys and gals, the scam was my Skype account was hacked. Unlikely that they merely guessed my password because they would have changed it and then simply added credit. It is more likely either a Skype backdoor, some other hack, or brute force. I don't know enough at this stage to guess.



    What's weird is that they activated somehow Skype Manager which is the "business" Skype account and then added four accounts as "members" with me still as the Admin. They then triggered an Auto-Recharge somehow so that the system saw €0 and then auto-charged €100, all of course without my actions. I received two "authorisation" calls this morning but it said to decline, just hang up. So I did just that. Anyway the auto-recharge charged €100 Euros to my credit card, and then they allocated €25 to each of these "members". Only €13 was spent by one of these members. So I was able, as Admin, after changing my password of course, to "retrieve" the allocations to the "members" back to myself.




    So I can either dispute the amount, or close Skype Manager, which is what I did, resulting in the remaining €87 going back to my Skype credit.



    I would rather not dispute at this stage with Skype or the Credit Card company. I don't trust Skype enough that they wouldn't "freeze" the account if my Credit Card company called them to dispute. Then I'd never get the credit back.



    This way, hopefully I will manage to retain my credit and use it as I need to... I have been using SkypeOut, it has saved me about the amount fraudulently charged and I will need to continue to use it... Of course, AUD$100+ is a lot of SkypeOut credit.



    Bottom line, DO NOT GIVE PAYPAL, SKYPE or EBAY YOUR CREDIT CARD INFORMATION. There's too much scamming and not enough local, reliable telephone support from them, and too many horror stories. Stay away from them, unless you have appropriate "risk management" in place.
  • Reply 3 of 5
    That's reason number three that I absolutely refuse to ever use Skype and hate it at its fundamental level.



    Sorry for your loss.



    Use this for password creation in the future, I'd imagine, on Skype or otherwise. That way you can know for a fact that it isn't your fault if your account is hacked.



  • Reply 4 of 5
    Quote:
    Originally Posted by nvidia2008


    Bottom line, DO NOT GIVE PAYPAL, SKYPE or EBAY YOUR CREDIT CARD INFORMATION. There's too much scamming and not enough local, reliable telephone support from them, and too many horror stories. Stay away from them, unless you have appropriate "risk management" in place.



    Too late!



    Sorry for your loss. It is like being violated. Has happened to me before because I used a weak password for years that I dreamt up in the early 90's... ignoring Moore's Law



    I now follow the password creation tactics laid out in Tallest Skil's .png above... but tend to throw in some punctuation/etc. as well.



    A good place to test the time it might take to brute-force crack a password can be found here, quite illuminating for many people I suspect.
  • Reply 5 of 5
    nvidia2008 Posts: 9,262 member
    Quote:
    Originally Posted by argonaut


    Too late!



    Sorry for your loss. It is like being violated. Has happened to me before because I used a weak password for years that I dreamt up in the early 90's... ignoring Moore's Law



    I now follow the password creation tactics laid out in Tallest Skil's .png above... but tend to throw in some punctuation/etc. as well.



    A good place to test the time it might take to brute-force crack a password can be found here, quite illuminating for many people I suspect.



    Thanks to all for the understanding and sympathies. It is quite violating. This is why credit card accounts are still very much viewed with suspicion by consumers in Asia especially for online transactions. How ironic we tend to transact more online but I would do so only with reputable websites. Skype, PayPal, eBay, Xbox Live is now all off my list because of poor support, no phone contact, and their international spread makes it difficult to track it down to one office. eBay is definitely screwed up right now as well. They'll bill you for listings even though the buyer hasn't paid and you have to go through so-called "dispute processes" to claim it back. Happened years ago, happened again. I thought being in Australia now operating through eBay Australia and so on would be better, but really, the "Australian" part is nothing more than just virtually a "/au" at the end of ebay.com. There are much better local resources.



    As for my password, it is secure enough:



    Time Required to Exhaustively Search this Password's Space:

    Online Attack Scenario:

    (Assuming one thousand guesses per second)    33.22 centuries

    Offline Fast Attack Scenario:

    (Assuming one hundred billion guesses per second)    17.41 minutes



    It's probably a Skype security flaw, or at least that's my hypothesis at this stage.



    Skype has detected it themselves, the account is soon to be blocked I reckon, since this morning it says "You cannot purchase new products or redeem" although my credit is still showing. I filed a support ticket with them and then when it shows up on my online credit card transaction list I'll file a dispute with the credit card company. There are fairly well structured systems in Australia (where my credit card bank is located, with a local call centre as well not off-shored) to protect consumers. Just a pity of all these globalised companies like Skype, eBay and PayPal operating almost without jurisdiction, and almost above the law in so many cases.



    We'll see what happens. Like I said the fact that something has been red-flagged by Skype without my credit card company filing a dispute yet means that they know there's suspicious activity. If the password was merely guessed then it would not have raised any flags, unless of course the actions taken by the hackers were extremely suspicious. But like I said, if they obtained the password and were not flagged after that, nothing too weird happened. It was simply setting up this "Skype Manager" and then putting themselves as "members" of my main account and allocating themselves credit. These "member" accounts probably got flagged because they would have done it to multiple accounts. €100 is a very tiny scam in comparison, I mean, even reselling the credit or whatever is not much. They must have done this "member" account siphoning from multiple users.