
Fraudsters' latest attempt to phish for info
By Elinor Mills
Published: 18 September 2009 15:02 GMT
Online scammers have created a phishing site masquerading as a US-based bank that launches a live chat window where victims are tricked into revealing more information, researchers at the RSA FraudAction Research Team said on Wednesday.
After a user accesses the phishing site, the chat window messages come through the browser and not via a typical instant messenger application, RSA said in a blog post.
The chat window is displayed if the log-in credentials are typed in or if any other link on the page is clicked, said Sean Brady, an online fraud expert at RSA.
The scammer claims to be from the bank's fraud department and says that the bank is requiring members to validate their accounts, asking for additional information such as name, phone number, and email address, according to screenshots. That information could be used to get access to accounts and money online or over the phone.
The scammers are using the open-source Jabber IM protocol to manage the one-on-one chat, RSA said, declining to identify the bank involved in the scam.
Meanwhile, the "chat-in-the-middle" phishing attack, as RSA has dubbed it, is being hosted on a fast flux network, a service that criminals pay to use and that hosts malicious websites and other tools for online scams. Such networks are made up of numerous computers that can be used to serve up the phishing page if one site gets shut down, which makes stopping such attacks difficult, Brady said.
So far, RSA said it has only witnessed one instance of the attack and has seen no evidence that stolen credentials are being used to log in to compromised accounts in real time.
"If this proves to be successful I would expect the fraudsters who launched this attack and copycats to use it elsewhere," Brady said. He said he also expects the criminals to sell tool kits that less technically savvy people can use to launch similar attacks.
Original article: Microsoft sues over malicious online ads from CNET News.com
Copyright © 2008 CBS Interactive Limited. All rights reserved.