Phishers have always counted on volume and automation to generate revenues: scam mails by the millions, proliferating malware links, a deluge of devious and deceptive tools designed to grab info from the unsuspecting. Now they're using chat to pluck their pigeons one-on-one.
Can we talk?
That's the message some online banking scammers are trying out with a new approach known as chat-in-the-middle.
Works like this:
A piece of phishing mail designed to look like a legit piece from a bank goes out.
Unwary customers of that bank click the link, and go to the phony banking site the phishers have set up.
Once there, a chat window pops up and the crooks draw their mark into a supposedly legitimate online conversation about fraud prevention, drawing out more and more information as they do so.
So far, according to a posting on RSA's FraudAction Research Lab blog, the chat attacks are aimed at a single, so far unnamed, financial institution.
Small comfort there: This latest approach, like the recent inline popup banking scams the phishers tried, is best thought of as test marketing.
If it works, the technique will undoubtedly spread, although because this one requires human input from the crooks as well as the marks, there may be a limit to how far it spreads or how much it has to make to offset the labor and time costs it carries.