Chatbot Army Deployed in Latest DHL Shipping Phish

Phishing emails intended to look like a DHL communications are now coming loaded with a new twist — a version of a chatbot that helps drive targets to malicious links, according to a new report.

That is to say, it behaves like a chatbot, but behind the scenes, the scripts are pre-programed to respond with stock phrases based on a victim's answer, according to researchers at Trustwave who reported the phishing campaign tactic. But the effect is the same — targets think they're talking to a live DHL representative.

After clicking, the victim's browser opens a PDF file with another link asking the person to "Fix delivery," the Trustwave team reported. The chatbot will ask the victim to confirm a delivery address and tracking number, and it will even present a fake CAPTCHA to make everything seem legitimate. Eventually, the target will be asked to enter in login credentials and credit card information, which is promptly harvested.

Because chatbots are widely used by brands to interact with customers online, end users aren't suspicious of interacting with them, the Trustwave team added — making this a perfect social-engineering ploy.

"This is what the perpetrators of this phishing campaign are trying to capitalize on," the chatbot phishing report added. "Aside from spoofing the target brand on the phishing email and website, the chatbot-like component [is what] slowly lures the victim to the actual phishing pages."