Live Chat Launched as New Phishing Platform

According to security researchers belonging to RSA's FraudAction Research Team, Internet scammers have set up a phishing website that pretends to be an American bank. It introduces a window where users can chat live but the process tricks them into divulging their important information.

RSA has written in its blog that when an Internet user goes to the phishing website, messages from the chat box appear via the browser instead of the standard instant messenger program. Its researchers have named this phishing tactic as 'Chat-in-the-Middle' fraud, which works in the following manner.

First, the user gets a fraudulent phishing e-mail that informs him of a security breach at a financial institution the scammers target alternatively, asking him to confirm personal data by supplying his authentication details as well as his private identity details on the fake website. Therefore, when the user accesses the aforementioned site, a window opens up for live chat with some phishing element that tries to phish off the bank details of the user.

Additionally, the phisher, who uses social engineering tactics, tries to extract even more sensitive information from the user via this live chat platform. By posing as an official from the fraud department of the bank, the fraudster claims that every member of the bank currently needs to authenticate his account to help the bank in its fraud detection process.

Subsequently, the fraudsters gather more information such as the victim's name, e-mail address and phone number that might then be used for phone or online fraud and perhaps, to contact the user later as the chat box suggests.

Says Sean Brady, a manager at RSA's identity protection and verification team, the phishers in the new scheme utilize the Jabber chat open-source application, reported Computer World on September 16, 2009.

So far, the current assaults have been aimed at only one US bank whose name Brady refrained from revealing. However, he stated that this technique could become more popular in future.

He further said that if the technique proved successful, the same fraudsters and other copycats could would apply it elsewhere too, adding that they might even trade toolkits to other less savvy criminals for launching similar attacks.

Related article: Life Insurance Spam Emerged as The Latest Spam Tactic in May 2008

» SPAMfighter News - 10/7/2009