Microsoft has added a new feature to the Skype consumer service allowing anyone to use Skype, even if they don’t have an account.
Today, we’re excited to announce that we’ve made it easier than ever for you to connect with anyone on Skype, without needing to register or even download it. By joining Skype as a Guest, you can quickly chat, voice or video call without any hassle. Perfect if you’re new to Skype and want to quickly chat with someone, anywhere in the world, for free.
To get started, go to Skype.com, tap start a conversation and add your name. You will then be provided with a unique conversation link. You can share this link with your contacts—either individually or as a group—via email or via your social networks. Once they click on the link, they’ll be able to join your conversation immediately. They can also join as a Guest if they’re using Skype for Web.
Now, call me paranoid, but my mind immediately turned to how this feature could be abused. Microsoft has lots of smart security people working for them, so surely they’ve included safeguards when they designed this feature.
So I tried it. First, you just go to the Skype home page and click on Start a Conversation.
Enter any old name you like, for example “Microsoft Support”.
When the conversation begins, you’re provided with a link to send people so that they can join the conversation.
Now, obviously a scammer getting a link into someone’s inbox is not a big challenge. Spam and phishing scams is a real problem these days. And being able to send someone an enticing link to a Skype conversation with “Microsoft Support” is going to quickly bag a few victims. Microsoft, Gmail and other mail providers have pretty good spam filters, but they always miss a few here and there. To me it seems like it would be a challenge to accurately block emails with “join.skype.com” links to prevent abuse.
Anyway, when the victim clicks the guest link they’re presented with a Skype conversation that looks as genuine as any other.
This just doesn’t feel right to me at all.