Researchers at Trustwave have observed a phishing campaign that uses a chatbot to add legitimacy to the scam. The chatbot is on a harmless website, and is designed to convince the user to visit the phishing site by striking up a conversation and walking the victim through the process.
“In general, using chatbots adds an interactive component to a website,” the researchers write. “This often results in a higher conversion rate because it makes the site more interesting and engaging for the users. This is what the perpetrators of this phishing campaign are trying to capitalize on. Aside from spoofing the target brand on the phishing email and website, the chatbot-like component slowly lures the victim to the actual phishing pages. Also, the addition of fake OTP and CAPTCHA pages makes the phishing website seem more legitimate.”
The scammers impersonate DHL and attempt to convince the user that their delivery address has been lost. The phishing page asks the user to enter their email address, password, and credit card details in order to update their delivery details.
“The credit card page has some input validation methods,” the researchers write. “One is card number validation, wherein it tries to not only check the validity of the card number but also determine the type of card the victim has inputted. Once the victim fills out the form, clicking the ‘PAY NOW’ button will redirect the victim to a loading page, which after a few seconds will then redirect to an OTP (One-Time Password) page. The OTP is a string of automatically generated characters (numeric or alphanumeric) which is usually sent to the user’s registered mobile number. This serves as another layer of user authentication for a single transaction or session.”
Despite the effort put into the chatbot, the researchers note that this scam is still delivered via email, and users could recognize red flags in the phishing message itself. New-school security awareness training can enable your employees to thwart innovative phishing attacks.