The chat window messages come through the browser and not via a typical instant messenger application, RSA said in a blog post.
The scammer claims to be from the bank's fraud department, says that the bank is requiring members to validate their accounts, and asks for additional information such as name, phone number and e-mail address, according to screenshots. That information could be used to get access to accounts and money online or over the phone.
The scammers are using the open-source Jabber IM protocol to manage the one-on-one chat, RSA said. Meanwhile, the "chat-in-the-middle" phishing attack, as RSA has dubbed it, is being hosted on a fast flux network, a service that criminals pay to use and that hosts malicious Web sites and other tools for online scams.
So far, RSA said it has only witnessed one instance of the attack and has seen no evidence that stolen credentials are being used to log in to compromised accounts in real time.
The live chat window asks phishing victims for name, phone number and e-mail address. (Credit: RSA)
This article was originally published on CNET News.