Skype Scam Alert - Fake Virus Call from System Alert

Beginning on or around March 15, 2011, numerous people have reported that they've received virus scam calls on Skype from a robotic voice telling them that their computer is infected.

Reported scam calls on Skype are coming from these names...

  • John Simmons @ Online Alert
  • Online Notification
  • ONLINE REPORT NOTICE
  • Skype Alert System
  • System Alert
  • System Service
  • Service Report
  • Service Update Report
  • Update Notification

These scammers call you directly on Skype and ask you to accept the call.

The scammers' Skype usernames that have been reported to me so far are (in alpha order)...

  • drfacima8a
  • drfam9aa
  • drfcammmaikaa5
  • drfiakalvinn1
  • drfiakalvinn5
  • drfikaloapal
  • drhelpmnsys10
  • drkidavusggkam10
  • drsybasysm11
  • drupdateinfozbc3
  • drupdateinfozbc8
  • drvmupdfazuu2
  • drz1sysnotice4
  • drzabcalert14
  • drzabcalert2
  • drzzjohnsimmalm1
  • sintsystmas11

What makes this dangerous is that the scammer then tells them to visit a website to remove the virus from their computer. The referred website contains a malicious script that can potentially infect your computer with viruses.

Reported malicious domains/URLs given by the scammers...

  • sosbl.com - Norton Safe Web has reported viruses
  • updatega.com - No Norton Safe Web reports.

According to Norton, sosbl.com is based out of the Netherlands and is unsafe to visit: it contains a virus and a drive-by download of Trojan.FakeAV.

For more information about what Trojan.FakeAV is, Norton has an article here.

What does the infected website look like?

Don't be fooled! Below is an actual screen shot taken from the malicious website sent by the scammer that "looks" like it could be your own computer screen. It's not... It's actually a "web page" opened in a browser.

[Screenshot: Skype Scam Alert - Fake Virus Call from System Alert]

IMPORTANT: You'll know it's not your computer because it's actually in your web browser. Notice you can see the address bar with the URL filled in.

What happens if I stay on the infected webpage?

In the image above you can see a scrolling green progress bar (says 88%). After it reaches 100%, the screen changes to:

[Screenshot: Skype Security Alert Fakeav Virus]

Now it tries to trick you into clicking the "Erase all threats" button to infect your computer.

DO NOT CLICK THE ERASE ALL THREATS BUTTON. CLOSE THE BROWSER.

If I close the browser did my computer still get infected?

Even though you did not click on any buttons and just closed the web page, your computer still has traces in your browser history, web cache and cookies, and it may have downloaded other files.

Any time you land on a page like this, it's best to delete your cookies and cache and run a complete anti-virus and malware scan on your computer immediately.

Does Skype know about this fake virus scam?

In an effort to combat this issue and provide protection for you, I've contacted Skype's Customer Service department. Customer Service has responded with the following:

We understand your concerns regarding receiving spam calls claiming to be from Skype.

If you receive an email or a call claiming to be from Skype under the name of "Online Notification" or "Skype alert system" or from the Skype usernames "drzabcalert11" and "drzabcaert4", do not answer it because it is a spam call that will tell you that you have a virus on your computer and will ask you to visit www.sosbl.com.

Fraudulent emails and calls may ask you to provide your Skype password, Skype payment details, or other sensitive personal information. They may also advise you that your account is being cancelled, you have been reported for abuse, or that your payment or password has been refused or changed. If you receive an email or a call like this, please let us know immediately.

These emails and calls are known as "spoof" or "phishing" emails or calls. The people who send them hope that you will:

Open the attachment to the email (if provided) or answer the call. If you do so, the attachment file or the call itself could infect your computer with dangerous viruses.

For more information on Skype security, please visit: http://www.skype.com/go/security/.

To avoid receiving any calls like this, you can adjust your privacy to not receive any call from a person outside your contact list. To do this, open Tools > Options > Privacy > Show Advanced Options and adjust your settings accordingly.

We hope you found this answer helpful. Should you need any further assistance or have additional questions please do not hesitate to contact us again.

Skype Customer Service

I recommend you change Allow calls from... "anyone" to "people on my Contact list only."

How do I block or report a contact to Skype?

I received this message from Skype's Customer Service Department on how to block and report the scammers.

The alert message that you received via a Skype chat has been sent by a company that is trying to advertise their product on the net, whilst advising users that their machines have low levels of security.

These messages are not based on a real computer check and therefore are not reliable. Please ignore this chat alert.

If you receive chat messages or calls from people you do not know you may need to change your Skype privacy settings. You can change your privacy settings in Skype to only allow calls or chats from people in your Contact List.

In Windows, go to Tools > Options > Privacy...

  1. Locate the section Allow calls from... and tick people in my Contact list only.
  2. Locate the section Allow IMs from... and tick people in my Contact list only.
  3. Click Save.

You can also block and report abusive users, which will help us to identify and prevent spammers. To report spam directly from Skype, you need the latest version of Skype for Windows or Mac. Download the latest version if you don’t have it already: http://www.skype.com/go/download.

Blocking contacts in Skype
To block and report a contact request who is sending you spam:

  1. Click the Contact request notification just above the Contacts/Recent tabs.
  2. In the This person would like to connect with you message box on the right, click Block.
  3. The Block this person message box displays. You can choose to Report abuse by ticking the box.
  4. Click Block.

If the abusive contact is already in your Contact List:

  1. In the Contacts tab, right-click a contact’s name and select Block this person.
  2. In the message box, tick Report abuse, and then click Block.

Signing out securely from Chats
In addition you should ensure that when you leave a chat and you no longer wish to share contact details with the contact, that in Skype you type /leave to make sure that you cannot be added back to that same chat.

You can rest assured that we’re working hard behind the scenes to combat spam, and will take action against spammers where appropriate.

Skype Customer Service

Is the malicious website still on the internet?

As of March 17, 2011 at 11:50 am CST, the answer is YES! The abuse has already been reported in an attempt to take this malicious website down. But in the meantime, please do not visit the link and hang up if you receive any of these calls.

Be sure to protect your computer with up-to-date anti-virus software and run daily scans. And protect your WordPress sites by not keeping your login information or other important credentials saved on your PC.

UPDATE: March 18, 2011 at 10:15am (CST)

Woohoo! The website has now been taken down by the hosting company. Thankfully, anyone tricked into opening the URL is safe at the moment. It is possible for the scammers to move the site to another host, so we'll see if it stays offline.

You can check to see if the site is offline by visiting:

http://www.phishtank.com/phish_detail.php?phish_id=1156033

UPDATE: March 22, 2011 at 9:15am (CST)

udateba.com is a new domain that was reported to us as one the scammers are directing their callers to. I have checked that domain and so far it has not been registered.

UPDATE: March 24, 2011 at 6:48am (CST)

One person has commented on this post that when attempting to send a Skype message to the caller it crashed her laptop and she is unable to turn it on/boot.

UPDATE: March 24, 2011 at 4:15 pm (CST)

The domain updatega.com has been reported as the URL that some scammers are telling their callers to go to. This site has already tricked someone who left a comment on this site into purchasing their bogus "virus fix" software.

UPDATE: March 29, 2011 at 9:45am (CST)

updatega.com is still live but has a 403 Forbidden error so thankfully, at this moment, no one can be "tricked." Methods have been put in place to seek and destroy!

We need your help

Have you received a scam call on Skype? If so, please look at your Recent History and find the Skype Name, date and time they called you so we can continue to report it to Skype.

Were you referred to a URL other than sosbl.com? If so, please let us know so we can continue to help each other stay safe. Leave a comment below.

I will update this webpage with any new developments.

Securely yours,

Regina Smola
WordPress Security Expert
Follow on Twitter @WPSecurityLock

About Regina Smola

Regina is a sought-after WordPress Security Expert, Speaker, Author and owner of WPSecurityLock.com and WPSecurityClub.com.

She has helped thousands of WordPress users tighten security on their WordPress blogs and written numerous articles, books and action guides on securing self-hosted WordPress websites.

Regina provides WordPress Security Services for clients with both new and existing WordPress websites. She also offers individual consultations and group training on WordPress security. More about Regina Smola.

Comments

  1. Sarah says:

    I received a call 10 minutes ago then another 6 minutes ago from NOTIFICATION- SYSTEM MAINTAINENCE but didn't answer them.

    Thanks for the heads up!!

  2. amanda says:

    just got 2 calls w/in 5 minutes from NOTIFICATION@SYSTEM MAINTENANCE telling me my computer security was out of date. Referred me to pporp[dot]com both times.

  3. Vriska says:

    I got a call while I was at work (I leave Skype open at home) from NOTIFICATION© - SYSTEM MAINTENANCE..
    The actual user name wasn't even close to anything listed, it was sys[dot]bbo[dot]i
    This is like the 30th or so in the past two months..
    I haven't listened to any of them.. No system maintenance should be over Skype, and if it was I should be the one starting the call to a well known and trusted company, as if using a real phone.

  4. KP035 says:

    I also got a call from [5/9/2012 6:33:40 PM] *** NOTIFICATION© - SYSTEM MAINTENANCE *** several times, and I've been just blocking this contact from my list, but it keeps appearing.

    Finally, today I accepted the call and it referred me to this website: prpp[dot]com contact is labelled
    "sys[dot]gwx[dot]c"

    Hope this helps eliminate the scammer!!!

  5. Ann says:

    I received an automated message as well telling me that my computer protections were down and they referred me to the following website: www[dot]psswp[dot]com

    I don't know if it's legit or not but I'm posting this just in case and not going to that site.

  6. Fiona says:

    I too received a maintenance call today that looked to be from Skype - maintenance.fp7 - saying that my computer security was down and referred me to the following website: www[dot]ppwss[dot]com

    I thought I would check first before going onto the website - and am glad that I came across your website. Thank you.
