New scam adds live chat to phishing attack
The chat window messages come through the browser and not via a typical instant messenger application, RSA said in a blog post.
The scammer claims to be from the bank's fraud department, says that the bank is requiring members to validate their accounts, and asks for additional information such as name, phone number and e-mail address, according to screenshots. That information could be used to get access to accounts and money online or over the phone.
The scammers are using the open-source Jabber IM protocol to manage the one-on-one chat, RSA said. Meanwhile, the "chat-in-the-middle" phishing attack, as RSA has dubbed it, is being hosted on a fast-flux network, a service that criminals pay to use and that hosts malicious Web sites and other tools for online scams.
So far, RSA said it has only witnessed one instance of the attack and has seen no evidence that stolen credentials are being used to log in to compromised accounts in real time.

The live chat window asks phishing victims for name, phone number and e-mail address. (Credit: RSA)
This article was originally published on CNET News.
Talkback Most Recent of 8 Talkback(s)
-
Not all live chats are scams
Just because there's a web-based chat window involved doesn't mean it's a scam. There are a couple of live support software packages that are great for the customer!
besonix, 16th Sep 2009 -
That's not what they are saying
They're not saying all live chats are scams. They are saying that scammers have started implementing the live chat into their scam to get your bank information. Any live chat such as this that I've come across (on legitimate sites) normally doesn't just pop up. You have to click something to request a chat session. Live chat for scamming isn't anything new though. Scammers are just combining their fake website scam with the "live" IM scam. I had a "person" who said she was a woman from the local area IM me on Yahoo one day while I was in Iraq. I figured out it was a scammer in a matter of a minute or two. Mainly since "she" (could've been a guy) said she got my IM screen name from looking it up. I don't give out my IM name to just anyone and it's very unlikely she found it by doing a search and just decided to IM me based off of the NOTHING that was in my Yahoo profile. She sent me pics of a person she claimed to be, but they followed the style of scammers so I knew then she was scamming. She actually carried the "scam" on for about a week before she asked me for money. I knew it was a scammer the whole time and was waiting for her to ask for money. Gave me some story about being on a modeling assignment in Africa and that they were forcing her to pay her hotel bill early and she wasn't paid for her work yet, so she needed me to send her money. lol She got dramatic when I kept stalling and said they were going to kill her. So I just made her think she got me killed in Iraq.
Scammers go after gullible people and this new method will no doubt scam a lot of people out of a lot of money.
SpiderTech, 16th Sep 2009 -
You have NO idea what you are talking about
>>Scammers go after gullible people
No they don't. Do your homework before you open your trap.
Duke E. Love, 18th Sep 2009 -
if the criminals are paying...
1. doesn't that leave a money trail for law enforcement to follow?
2. why can't the folks in charge of the Internet block the Internet Provider that the criminals are using?
Just wondering...
Terry Thomas...
the photographer
Atlanta, Georgia USA
http://www.TerryThomasPhotos.com
AtlantaTerry, 18th Sep 2009 -
Read the post
It says they're using fast flux networks built on
botnets. So it switches IPs too fast to be able
to track down and block, and if they did manage to
block anything it would just be some poor guy like
yourself, whose computer was compromised and
being used for this.
Niosop, 21st Sep 2009 -
RE: New scam adds live chat to phishing attack
Try to be aware of every trick in the book and make sure
that you do not click any link that comes from anyone you
do not know.
I use Gmail and https, where you can add filters for all
items that will not end up in spam. Just be safe and
secure online. Do as I do: read all security posts from
people like ZDNet, CNET and IDG. They all have good advice;
follow it. I publish as much security information on my
blog at http://aceworldwideservices.blogspot.com/ Ian
aceone29, 8th Oct 2009 -
Are you one of them
that you feel the need to defend them? After whom are they, in your opinion? You have to have some weakness they exploit, and that is what is normally understood under "gullible".
Paradise Lost, 8th Oct 2009 -