Criminals seem to have taken phishing for sensitive identity information to a whole new level with the creation of a fake chatbot that slowly guides the victim towards stealing their data.
Trustwave SpiderLabs cybersecurity researchers recently discovered a new phishing campaign that attempts to scam people out of personally identifiable information, as well as payment data, by simulating a DHL customer support chatbot.
It starts in the usual way – the victim will receive an email telling them that they have a package pending with DHL and further instructions are needed.
Theft of credit card information
If the victim takes the bait, they will be redirected to a fake DHL customer support website that appears to be running a chatbot. However, it is not a “real” chatbot, but rather an app with limited options and predefined responses.
If the victim still doesn’t spot the many red flags that have popped up along this journey, they will soon find themselves handing over sensitive data, such as their DHL login credentials (email and password), as well as credit card information. (holder’s name, card number, expiry date, CVV code).
Whoever is behind this campaign has really made an effort. Before giving their DHL login information, victims will have to pass a fake captcha page. Once they have entered their card details, the payment gateway will first check the validity of the card. Then, the user is redirected to a one-time password (OTP) page, where he will have to enter a code received by SMS.
Ironically, the victim is never asked for a phone number, so the only thing to do at this point is either realize it’s all a sham, or try entering any set of random numbers.
The researchers did the latter, and after receiving an “invalid security code” message four times, on the fifth attempt the page redirects to another page indicating that the submission was received successfully.
As usual, be very careful when you receive links and attachments by email, most of them are probably malware or viruses.