Websense® Security Labs™ ThreatSeeker™ Network has discovered a scam that uses a fake Skype message about a lottery to get money from the victim. The scam is becoming widespread in China.

The scam uses a phony Skype message to trick the victim into believing that he or she has won a large prize in a lottery. The message includes the address of a phishing Web site and the telephone number of a phony support center. When the victim calls the support number, the operator directs the victim to fill out the form on the phishing Web site, including bank account information. This scam combines Web-based phishing with telephone-based human interaction, a technique that is becoming more sophisticated and popular in China.

Here is how it works:

Step 1:
The victim receives a fake message from a phisher disguised as Skype representative. The message states that the recipient has won a large prize. The message includes a fake Web site, like “http://sky63.xxxxx.cn/”, and a phone number, such as “0898-881-44xxx”. Often the prize is as much as 100,000 RMB, plus a new car.

Here is a typical fake Skype message:


Step 2:
The victim calls the number and goes to the phishing Web site to enter personal and bank account information.

Here is the phishing Web site:


Step 3:
This is where the scammers get the victim’s money. After filling out the form, the victim is directed to another Web page that informs the victim that he or she must pay a fee, in advance, to get the prize. The fee is often several hundred RMB.

The combination of the Skype message and the real phone number makes the lottery scam look real. The promise of a big prize–100,000 RMB and a car–makes the lure hard to resist. The victim happily pays the money. But the result is that the victim loses his or her money and, of course, there is no prize.

This page asks for a fee:

Websense Messaging and Websense Web Security customers are protected against these threats.

You must be logged in to post a comment.