Criminals appear to have taken phishing for sensitive identity information to a whole new level with the creation of a fake chatbot (opens in new tab) that slowly guides the victim to their data being stolen.
Cybersecurity researchers from Trustwave SpiderLabs recently uncovered a new phishing campaign that tries to scam people out of personally identifiable information (opens in new tab), as well as payment data, by faking a DHL customer support chatbot.
It starts the usual way - the victim will get an email, saying they have a parcel pending with DHL, and that further instructions are needed.
Stealing credit card information
If the victim takes the bait, they’ll be redirected to a fake DHL customer support website that seems to be running a chatbot. However, this is not a “real” chatbot, but rather an app with limited options and predefined responses.
If the victim still doesn’t spot the numerous red flags that have been popping up along this journey, they’ll soon find themselves giving away sensitive data, such as their DHL login credentials (email and password (opens in new tab)), as well as credit card information (cardholder name, card number, expiration date, CVV code).
Whoever is behind this campaign has really put some effort into it. Before giving away their DHL login information, victims will have to pass a fake captcha page. Once they enter their card data, the payment gateway will first check the validity of the card. Afterwards, the user gets redirected to a one-time password (OTP) page, where they’ll have to enter a code received via SMS.
> Credit card fraud detection vs credit report monitoring: What’s the difference? (opens in new tab)
> Cybercriminals are using fake Black Friday deals to steal your credit card details (opens in new tab)
> Watch out for these Facebook scams, users warned (opens in new tab)
Ironically, the victim is never asked for a phone number, so the only thing to do at this point is either realize the whole thing is a sham, or try to enter any random set of numbers.
The researchers did the latter, and after getting a “security code invalid” message four times, on the fifth attempt, the page redirects to another page saying that the submission was successfully received.
As usual, be extra careful when receiving links and attachments via email, most of them are probably malware or viruses.
- Keep safe from internet fraudsters with the best security keys around (opens in new tab)