I've been hit with the Skype billing issue discussed in this Slashdot thread. A few days ago, I received three e-mails in succession:
- The first said came with the subject "Skype: problem with your payment" and began with the greeting "Hi there Joel Adams, Unfortunately your payment failed, but don't worry, we didn't deduct any money from your card." I thought it was a phishing attempt, but it listed my correct Skype Name. Uh oh. I haven't ever paid into my Skype account, and my name, as most of you know, is not Joel Adams. Alarm bells went off.
- The second e-mail came 3 minutes laterwith the subject "Skype: we've delivered your purchase." It began with the greeting "Hi there Roseangela Rubio, Thanks for buying Skype Credit. We're happy to confirm your payment." AGain, it included my correct Skype Name. I was even more worried, and a bit confused. Who is Roseangela Rubio?
- The third e-mail, with the same time stamp as the second, had the subject line: "Welcome to Auto-Recharge". This note was addressed to Roseangela Rubio.
I immediately logged into my Skype account, changed my password, canceled Auto Recharge, and removed the credit card in my account. Then I waded through the customer support links to find one to submit an inquiry as to how this could have happened.
I received a reply 2 days later saying that it seemed a third party might have gained access to my account, and asking me to change my password. Of course I'd done all of that already. What was aggravating was this paragraph:
Skype can not refund the money you might have lost due to this incident. Every user has to take care of his/her security systems on private computers.
Please check if your PC?s security systems are running properly and if they are up to date. In order to prohibit those incidents Skype strongly advises to regularly update your PC's security software (e.g. firewall, antivirus etc.). It is possible that a trojan or some kind of hidden information collector is installed on your computer and sends this to a third party who uses this information abusively. Also be aware of different 'phishing' sites or Skype chat messages from strangers that contain links or require you to reveal personal information (passwords, credit card numbers etc.)
Any reasonably tech saavy user is going to resent the implications in this e-mail, the tone of voice that lumps them in with people who write their password on post-it notes and stick them on their computer monitor. I keep all my passwords in Yojimbo, I don't use dictionary words, etc. I always forward phishing messages, most of them for eBay, Paypal and Bank of America, to those companies.
I've written Skype back and demanded a refund, and we'll see how that goes. I've enjoyed using Skype a bit here and there in the past. It's a solid product. But any security issue like this, followed up by a customer service response that includes a sermon on PC security, is bound to leave a really bitter taste in one's mouth. Let's see how they respond.
In the meantime, if you're a victim of this problem, and you're reading this message, you are the resistance! (I just returned from a screening of Terminator: Salvation)