September 16, 2009 1:22 PM PDT

New scam adds live chat to phishing attack

by Elinor Mills
Updated 4 p.m. PDT throughout with minor additional details.

Online scammers have created a phishing site masquerading as a U.S.-based bank that launches a live chat window where victims are tricked into revealing more information, researchers at the RSA FraudAction Research Team said on Wednesday.

After a user accesses the phishing site, the chat window messages come through the browser and not via a typical instant messenger application, RSA said in a blog post.

The chat window is displayed if the log-in credentials are typed in or if any other link on the page is clicked, said Sean Brady, an online fraud expert at RSA.

The scammer claims to be from the bank's fraud department and says that the bank is requiring members to validate their accounts, asking for additional information such as name, phone number, and e-mail address, according to screenshots. That information could be used to get access to accounts and money online or over the phone.

The scammers are using the open-source Jabber IM protocol to manage the one-on-one chat, RSA said, declining to identify the bank involved in the scam.

Meanwhile, the "chat-in-the-middle" phishing attack, as RSA has dubbed it, is being hosted on a fast flux network, a service that criminals pay to use and that hosts malicious Web sites and other tools for online scams. Such networks are made up of numerous computers that can be used to serve up the phishing page if one site gets shut down, which makes stopping such attacks difficult, Brady said.

So far, RSA said it has only witnessed one instance of the attack and has seen no evidence that stolen credentials are being used to log in to compromised accounts in real time.

"If this proves to be successful I would expect the fraudsters who launched this attack and copycats to use it elsewhere," Brady said. He said he also expects that the criminals will sell tool kits that less technically savvy people can use to launch similar attacks.

The live chat window asks phishing victims for name, phone number and e-mail address.

(Credit: RSA)

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by Anon-Y-mous September 16, 2009 1:47 PM PDT
I thought Firefox was immune from such things. Oh wait --- social engineering is not a software problem!
by 42istheanswer September 16, 2009 1:55 PM PDT
The stupidity keeps moving forward.
by mrskillet September 16, 2009 1:57 PM PDT
You didn't tell us which US-based bank.
by Eddie-c September 16, 2009 3:35 PM PDT
Agreed. While the miscreants/scum/[insert metaphor] may try to target other banks as well, common-sense - and decent reporting - would at least dictate stating the bank in question so that those people who do simply click on things could (maybe) pay a little more attention or be aware??

You might as well have had a headline that said "In other news ....." and the link went to a blank page.
by elinormills September 18, 2009 9:14 AM PDT
RSA would not identify the bank. The story was updated to say that.
by sargess25 September 16, 2009 2:11 PM PDT
..... and all of this in a Windows environment
by 01Phyxius September 16, 2009 4:34 PM PDT
Read the story. It is a BROWSER-based attack. I don't know what fantasy world you are living in, but Mac browsers are just as vulnerable as PC-based ones.
Don't believe me? Try following Pwn-2-Own.
by bobdue1 October 8, 2009 1:45 PM PDT
So Macs don't use browsers I guess. That is the only way this comment would make any sense. Please tell me you don't work in the IT or security industries ...
by RTFA September 16, 2009 2:32 PM PDT
Actually, I am not a fan of Windows, but it has nothing to do with that kind of attack, which comes through a browser. The bigger question is how the scammers managed to get between the user and the bank site. If it was done through phishing and a disguised link, it is avoidable, but if it is done through DNS poisoning or another method of redirection, it can be very dangerous. For any platform.
by Alex_Lehmann September 17, 2009 1:50 AM PDT
Basically this is not much more than a smart banner. Chat-type ads for supposed dating sites are pretty common now; this is just taking the idea to the next level.

Very good concept from the scammers' point of view, though.
by rballison10 September 17, 2009 7:29 AM PDT
And the Bank is---------------------(crash)-------
by dewilshere September 18, 2009 9:15 AM PDT
Thank you very much for this useful post.

Regards

http://scforum.info/