"Phishers Add Chatbot to the Phishing Lure"

Researchers at Trustwave SpiderLabs have discovered a new technique phishers are using to increase victim engagement and confidence: an interactive chatbot built into the lure. The phishers are betting that users’ reluctant but growing acceptance of chatbots in customer service will lower the target’s guard.

The researchers noted that the basic lure is the familiar failed-DHL-delivery notice. A victim who falls for it is not sent straight to a phishing site. Instead, the ‘please follow our instructions’ message delivers a PDF containing a ‘fix delivery’ button. Clicking the button sends the victim to a second website, where the phishing chain proper begins with a chatbot that promises to fix the delivery but in fact harvests personal data. If the target engages, the chatbot keeps the conversation going by showing a photo of the supposedly damaged package and asking how the victim would like it delivered. When the victim asks to schedule delivery, a fake CAPTCHA is presented to build further confidence. In the next stage, the chatbot asks for a delivery address and time, and also for a password without specifying which one. The researchers noted that it does not matter what password is entered; whether it is a DHL account password or the user’s email password, the phisher steals it along with the delivery address and the user’s email address (which the phisher already has).

At this point the phishing has begun but is not complete. The chatbot explains that the additional delivery attempt is an extra service that requires payment, and a credit card payment page is displayed. The amount requested is small. Paying for the fake redelivery hands over the phisher’s real target: the victim’s bank card details.


SecurityWeek reports: "Phishers Add Chatbot to the Phishing Lure"
