New phishing technique lures users with fake chatbot
Trustwave has released a new report in which the company provides details regarding an emerging phishing technique through which attackers aim to steal credit card data from internet users. The initial contact method for the phishing scam is via email, like the majority of phishing campaigns. In particular, this campaign impersonates shipping company DHL and claims that the target is experiencing package delivery problems. The email provides the target with a set of instructions that includes clicking on a malicious link. The link leads the user to a downloadable PDF file that appears to inform the target that their delivery has been redirected.
Once the user has clicked yet another link embedded in the PDF, they are led to a chatbot page where the phishing occurs. The chatbot page is a fake web page that contains predefined answers to guide the target through solving the package delivery problem, or more accurately, giving away sensitive information. The chatbot uses a variety of methods to gain the target’s trust, from running a fake CAPTCHA to assure the user that security measures are in place to offering a fake picture of a damaged delivery to validate the scam. The attackers gradually ask the target to input more and more information until the credit card details are requested.