No more calls: How scammers use Skype disconnection

On May 5, Microsoft shut down the Skype messenger, inviting users to upgrade to the Teams platform. This will lead to a surge in online fraud, which Russians may also suffer from, cybersecurity experts believe. Izvestia found out what schemes criminals can use and how to protect themselves from them.

Phishing surge

Disabling Skype can trigger a wave of fraud on the Internet. Irina Dmitrieva, an analytical engineer at the Gazinformservice cybersecurity research Laboratory, made such a forecast in an interview with Izvestia.

— The situation may cause panic among users who are afraid of losing their data. Fraudsters will take advantage of this — in particular, a surge in phishing emails related to data migration to Teams and "instructions" on data migration is predicted, the expert noted.

Photo: IZVESTIA/Sergey Konkov

Maxim Alexandrov, an expert of the Security Code software products, shares the same opinion. According to him, cybercriminals can send mailings, create fake accounts in messengers on behalf of the "Russian office of Microsoft" and warn about the end of Skype operation. Links or even APK files (application file) will be attached to such requests, which are naturally malicious.

False challenge: every second Russian will face a deepfake attack by the end of the year

How fake video and voice messages are created

Skype messenger stopped working on May 5. This was officially announced by Microsoft. Messenger support has been discontinued, and the corporation will continue to focus on the development of the Microsoft Teams platform. The popular service has been operating on the market since 2003. It was the first product to offer users a modern standard: text, voice messages and video calls. Microsoft acquired it in 2011 for $8.5 billion, and six years later it introduced Teams to the general public, which is now intended to become the main communication platform.

Photo: TASS/ZUMA

In April 2025, Skype users received notifications about switching to the free version of Teams while retaining the main functions: video calls, messaging, and files. Data from Skype will be stored until January 2026. Users can export them manually or wait for them to be deleted automatically.

Deception schemes

According to cyber expert Irina Dmitrieva, the email scheme will become the most common one related to disabling Skype. Most likely, they will be sent with the topics "transfer Skype data to Teams", "critical Skype updates for data migration", "providing technical support for data migration to Teams" and the like. The links in them will lead to fake Microsoft websites recreated to steal logins and passwords from corporate accounts.

— As "beacons" of phishing emails related to the shutdown of the service, emphasis is placed on the "urgency" of data transfer — for example, the statement that "conversation log data will be deleted if the transition is not completed immediately." For credibility, the attachment will include "instructions" that are likely to be infected with malware," says an expert from Gazinformservice.

Photo: IZVESTIA/Anna Selina

In fact, she emphasizes, the data in Teams is transferred automatically and no additional actions are required. Microsoft representatives will not write to users in messengers, request account data, or connect remotely to a workstation via AnyDesk or TeamViewer.

Another topic that scammers are likely to use is related to the use of search engines, the Izvestia interlocutor adds. For example, when you enter the query "error when switching to Teams", clone sites created by scammers "Microsoft Teams technical support" will get to the top of the search results. On sites like these, malware will spread through fake migration tools, fake Teams installers, Microsoft license verification credentials forms, or fake "support" chats requiring malicious extensions to be installed.

Risk windows: how not to lose money through a screen demonstration

Every fifth case of online learning fraud is related to a request to show a monitor.

Risk groups

According to experts, ordinary users who do not know about the platform shutdown, but at the same time have a rich history of correspondence, will be the first to suffer from scammers.

— This will mainly affect those who installed Skype "a hundred years ago" and have not used other video conferencing software since. Therefore, they are more likely to believe the "official" letter from Microsoft and follow the malicious link, says Maxim Alexandrov.

Photo: TASS/ZUMA

Small and medium-sized businesses are also at risk: it will be difficult for them to migrate business processes after Skype is disabled. A lot of internal communication processes and client calls are related to the historical Microsoft project, and forced migration can lead to downtime of business processes and integration errors of Teams.

"For inexperienced IT specialists, an attempt to transfer data can lead to phishing links offering "quick and easy migration" (that is, installing malware "as a gift"), where the result may be theft of corporate data," notes Irina Dmitrieva.

Photo: IZVESTIA/Alexander Kazakov

In the case of large enterprises with extensive infrastructure, parallel use of alternative business solutions and experienced administrators, attacks can be much more difficult and initiated by large ART groups. The complexity of migration in this case is determined by the parallel use of related ecosystem products and arrays of data processed in Skype.

— Targeted phishing on administrators ("update Teams access policies urgently") and compromise of API integration for data synchronization can be used as attacks. A more advanced attack in the future is the exploitation of new vulnerabilities that will be relevant for the infrastructure that has kept the service in use, while there will be no more security patches," concludes the Gazinformservice expert.

Malicious code: How apps become tools for scammers

And why do apps collect unnecessary user data?

Methods of protection

Deception under the pretext of shutting down Skype is not a new trick of cybercriminals. Hackers always use such information channels, for example, sanctions against Russian banks and the removal of their applications from large stores, disabling large services. A similar high—profile story occurred at the end of 2020, when Adobe announced the blocking of Flash Player, which led to the appearance of an abundance of sites with fake patches to extend the plug-in, containing Trojans, backdoors and cryptographers, says Irina Dmitrieva.

Photo: TASS/IMAGO/Felix Schlikis

In 2022-2023, Google transferred users from the Hangouts platform to Google Chat — scammers sent phishing emails on behalf of Google Workspace demanding to "update Hangouts integration" and distributed malicious extensions to quickly transfer chats. A similar situation is expected now, so it is important to be on your guard.

Cybersecurity experts remind that Microsoft sends out official notifications only from addresses like *@microsoft.com the rest of the domains are phishing. In addition, the company's employees do not ask for usernames and passwords during personal communication, cybersecurity experts remind.

Photo: . REUTERS/Bruna Casas

— It is also not recommended to click on hyperlinks and manually enter the specified address in the search engine, for example, teams.microsoft.com . To protect yourself at the browser level, you should use built—in protection tools, including ad blockers," advises Irina Dmitrieva.

For preventive protection, she recommends scanning devices with antivirus software, updating the operating system, and deleting Skype, since unsupported software is a target for cybercriminals. New applications should be downloaded only in legitimate stores, this will reduce the risk of infection of the device, concludes Maxim Alexandrov, an expert of the software products of the Security Code company.