Want CNET to notify you of price drops and the latest stories?

New scam adds live chat to phishing attack

RSA researchers say new attack targets one bank with fake site that pops up a live chat window where victims are tricked into revealing personal information.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read
Updated 4 p.m. PDT throughout with minor additional details.

Online scammers have created a phishing site masquerading as a U.S.-based bank that launches a live chat window where victims are tricked into revealing more information, researchers at the RSA FraudAction Research Team said on Wednesday.

After a user accesses the phishing site, the chat window messages come through the browser and not via a typical instant messenger application, RSA said in a blog post.

The chat window is displayed if the log-in credentials are typed in or if any other link on the page is clicked, said Sean Brady, an online fraud expert at RSA.

The scammer claims to be from the bank's fraud department and says that the bank is requiring members to validate their accounts, asking for additional information such as name, phone number, and e-mail address, according to screenshots. That information could be used to get access to accounts and money online or over the phone.

The scammers are using the open-source Jabber IM protocol to manage the one-on-one chat, RSA said, declining to identify the bank involved in the scam.

Meanwhile, the "chat-in-the-middle" phishing attack, as RSA has dubbed it, is being hosted on a fast flux network that criminals pay to use that hosts malicious Web sites and other tools for online scams. Such networks are comprised of numerous computers that can be used to serve up the phishing page if one site gets shut down, which makes stopping such attacks difficult, Brady said.

So far, RSA said it has only witnessed one instance of the attack and has seen no evidence that stolen credentials are being used to log in to compromised accounts in real time.

"If this proves to be successful I would expect the fraudsters who launched this attack and copycats to use it elsewhere," Brady said. He said he also expects that the criminals will sell tool kits to people who are less technically savvy to use to launch similar attacks.

The live chat window asks phishing victims for name, phone number and e-mail address. RSA