According to RSA FraudAction Research Lab, there is a new type of phishing attack. Colloquially called “chat-in-the-middle”, it’s a never before seen variation of the standard phishing scam where a bank customer gets lured to a phished online banking site and is tricked into giving up his or hers username and password.
Well, the premise is the same, but the novelty is in the social engineering approach – when the victim enters the phished site, a live chat session with a “representative of the bank’s fraud department” is launched. Of course, behind it is the fraudster who then tries to weasel out additional information from his prey: name, phone number, email address, etc. Here is an example of the chat in progress:
The thing that is important to point out is that the chat window is deployed by the scammer through a Jabber module and it has nothing to do with the IM application on the victim’s computer.
So far, only one occurrence of this attack was detected and the name of the bank whose security has been compromised has not been revealed. Of course, online banking websites are advised to be vigilant. This also applies to their customers, who should be made aware that they won’t usually be asked to share usernames, passwords or security questions, and that anyone who tries to pry that kind of information from them is not to be trusted.