Chatbot Army Deployed in Latest DHL Shipping Phish
In a new phishing tactic, faux chatbots establish a conversation with victims to guide them to malicious links, researchers say.
Phishing emails intended to look like a DHL communications are now coming loaded with a new twist — a version of a chatbot that helps drive targets to malicious links, according to a new report.
That is to say, it behaves like a chatbot, but behind the scenes, the scripts are pre-programed to respond with stock phrases based on a victim's answer, according to researchers at Trustwave who reported the phishing campaign tactic. But the effect is the same — targets think they're talking to a live DHL representative.
After clicking, the victim's browser opens a PDF file with another link asking the person to "Fix delivery," the Trustwave team reported. The chatbot will ask the victim to confirm a delivery address and tracking number, and it will even present a fake CAPTCHA to make everything seem legitimate. Eventually, the target will be asked to enter in login credentials and credit card information, which is promptly harvested.
Because chatbots are widely used by brands to interact with customers online, end users aren't suspicious of interacting with them, the Trustwave team added — making this a perfect social-engineering ploy.
"This is what the perpetrators of this phishing campaign are trying to capitalize on," the chatbot phishing report added. "Aside from spoofing the target brand on the phishing email and website, the chatbot-like component [is what] slowly lures the victim to the actual phishing pages."
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024