Trend Micro researcher Rik Ferguson has discovered a new twist on the old social engineering attacks on Skype — the use of usernames and monikers that appear very, very convincing.
In the latest attacks, which lure computer users to fake anti-virus sites (rogueware), the attackers are using the username “Online Notification” in the Skype chat window.
This tactic lends this attack a veneer of credibility that is missing from the usual “Hi, I’m a sexy lady” or “Hi, buy my Chinese kitchen equipment” scams that are more familiar over Skype.
To the unwary, because of the well chosen user name, these messages appear to be something other than a stranger sending you a message, they appear to be some kind of real online notification.
More details, with screenshot, in this blog entry.