Phishers have added another trick to their copious arsenal. RSA, the security division of EMC, recently discovered a new type of phishing attack targeting online banking customers: phishing sites that include fake live chat support to make them look more plausible.
RSA put its appellative faculties to good use to come up with a name for this new form of phishing attack: “Chat-in-the-Middle.”
The attack proceeds in a routine way, with unsuspecting online banking customers being led to a phishing page designed to extract their account details. After these gullible visitors are through with the first page, instead of being sent to another phishing page or to the genuine website, they are led to a fake live-chat support window. The fraudster at the other end, posing as a customer support representative, then tries to extract more account details from them through social engineering.
According to RSA, the fake live chat support window is powered by Jabber, an open source instant messaging protocol. “While at this point RSA has witnessed only a single instance of this attack, we are recommending extra vigilance to operators of all online banking websites and other websites where user credentials are targeted,” RSA wrote on its blog.
Image Credit: RSA