We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Cybercriminals use live chat in phishing attacks

'Chat-in-the-middle' attacks use Jabber client

With many who bank online now wary of phishing attacks, criminals are adding fake live-chat support windows to their websites to make them seem more real.

RSA Security spotted the first ever of these "chat-in-the-middle" attacks in the past few hours, according to Sean Brady, a manager with the security company's identity protection and verification group.

The phishers send emails that direct victims to a fake web page designed to look like a banking site. That's a standard technique, but what's different in this case is that the phishing site comes with a fake online chat option, so that scammers can talk directly with their victims.

After the crooks prompt victims for their credentials, they pop up a browser window designed to look like a chat session from the bank's fraud department. Then, via chat, they ask for even more information, including the victim's name, phone number and email address.

The phishers used the open-source Jabber chat software, Brady said.

The attacks target a single US bank, which Brady declined to name. But he said there's a good chance the technique will become more widespread.

"If this person has any measure of success, I would anticipate that there will either be copycats or the fraudster will do this again with other institutions," Brady said.


IDG UK Sites

Nokia branding killed in place of 'Microsoft Lumia': Windows Phone moves into new era

IDG UK Sites

Why you shouldn't buy the iPad mini 3: No wonder Apple gave it 10 seconds of stage time

IDG UK Sites

Halloween Photoshop tutorials: 13 masterclasses for horrifying art, designs and type

IDG UK Sites

Should you update your iPhone or iPad to iOS 8? iOS 8.1 brings back Camera Roll, adds Apple Pay in...