New phishing attack chats up victims

With many who bank online now wary of phishing attacks, criminals are adding fake live-chat support windows to their Web sites to make them seem more real.

RSA Security spotted the first ever of these "chat-in-the-middle" attacks in the past few hours, according to Sean Brady, a manager with the security company's identity protection and verification group.

The phishers send e-mails that direct victims to a fake Web page designed to look like a banking site.

That's a standard technique, but what's different in this case is that the phishing site comes with a fake online chat option, so that scammers can talk directly with their victims.

After the crooks prompt victims for their credentials, they pop up a browser window designed to look like a chat session from the bank's fraud department.

Then, via chat, they ask for even more information, including the victim's name, phone number and e-mail address.

The phishers used the open-source Jabber chat software, Brady said.

The attacks target a single U.S. bank, which Brady declined to name. But he said there's a good chance the technique will become more widespread.

"If this person has any measure of success, I would anticipate that there will either be copycats or the fraudster will do this again with other institutions," Brady said.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email TechWorld
• Follow TechWorld on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark