We were made aware that phishing for Skype credentials is currently taking place. The link the phishing mails direct to are dangerous – they aren’t detected by any phishing filter of the popular browsers yet.
One thing caught my attention. Modern browsers should support domain highlighting so that the real domain is visible when someone surfs the Internet. Like Internet Explorer 8 properly does:
There you can clearly see that you are not on the Skype website, but on another domain.
Firefox does not highlight that URL:
Neither does Google Chrome:
Chrome grays out the “disturbing” parts of that URL, like the URI, the path and parameters of the link. Still it may fool the user to think it is the Skype website.
Once a user gives away her/his credentials, the website redirects to the real Skype download page.
Although Avira WebGuard detects this URL, users are well advised to properly check the links they are visiting before entering any personal data like login credentials.