New phishing attack chats up victimsSeptember 16, 2009 – 5:52 PM
With many who bank online now wary of phishing attacks, criminals are adding fake live-chat support windows to their Web sites to make them seem more real.
RSA Security spotted the first ever of these “chat-in-the-middle” attacks in the past few hours, according to Sean Brady, a manager with the security company’s identity protection and verification group.
The phishers send e-mails that direct victims to a fake Web page designed to look like a banking site. That’s a standard technique, but what’s different in this case is that the phishing site comes with a fake online chat option, so that scammers can talk directly with their victims.
After the crooks prompt victims for their credentials, they pop up a browser window designed to look like a chat session from the bank’s fraud department. Then, via chat, they ask for even more information, including the victim’s name, phone number and e-mail address.
The phishers used the open-source Jabber chat software, Brady said.