informa
Commentary

Live Chat With A Cybercrook! Popup Talk Latest Scam

Phishers have always counted on volume and automation to generate revenues: scam mails by the millions, proliferating malware links, a deluge of devious and deceptive tools designed to grab info from the unsuspecting. Now they're using chat to pluck their pigeons one-on-one.
Phishers have always counted on volume and automation to generate revenues: scam mails by the millions, proliferating malware links, a deluge of devious and deceptive tools designed to grab info from the unsuspecting. Now they're using chat to pluck their pigeons one-on-one.Can we talk?

That's the message some online banking scammers are trying out with a new approach known as chat-in-the-middle.

Works like this:

A piece of phishing mail designed to look like a legit piece from a bank goes out.

Unwary customers of that bank click the link, and go to the phony banking site the phishers have set up.

Once there, a chat window window pops up and the crooks draw their mark into a supposedly legitimate online conversation about fraud prevention, drawing out more and more information as they do so.

So far, accoridng to a posting on RSA's FraudAction Research Lab blog , the chat attacks are aimed at a single, so far unnamed, financial institution.

Small comfort there: This latest approach, like the recent inline popup banking scams the phishers tried, is best thought of as test marketing.

If it works, the technique will undoubtedly spread, although because this one requires human input from the crooks as well as the marks, there may be a limit to how far it spreads or how much it has to make to offset the labor and time costs it carries.

Recommended Reading: