New phishing technique lures users with fake chatbot

Cybercriminals keep finding new ways to trick users into handing over their credit card data. A new technique uses a fake chatbot to build trust with victims before asking for payment details. Learn more about this threat and how to protect yourself from it.

Image: Gstudio/Adobe Stock

A new report from Trustwave exposes an emerging phishing technique used by cybercriminals to steal credit card data from Internet users.

Initial contact

As is often the case, the initial delivery channel for the phishing scam is email. Pretending to originate from DHL, the email says there is a problem with a package delivery that can be solved by following instructions. The user is asked to click on a link (Figure A).

Figure A

Image: Trustwave. Initial phishing email pretending to originate from DHL.

While the email looks legitimate to an untrained eye, a careful examination of the email headers shows that the From field has not been set correctly: it contains only a display name and no email address, which a properly formed From header must contain (Figure B).

Figure B

Image: Trustwave. Email headers from the phishing campaign show a From field without an email address.
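The malformed From field is easy to check mechanically. The following Python script is an added example, not code from Trustwave or from the original article: it parses a raw message with the standard library, flags a From header that carries no mailbox address, and, as an extra heuristic, notes when the Return-Path (envelope sender) domain differs from the From domain. The three sample messages are constructed for illustration and are not the campaign's real headers.

```python
"""Header triage: flag a From field that carries no mailbox address.

Added example; the sample messages below are constructed for illustration
and are not the headers from the campaign described in the report.
"""
from email import message_from_string
from email.utils import parseaddr


def _domain(addr: str) -> str:
    """Lower-cased domain part of an addr-spec, or '' when there is no '@'."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def check_from_header(raw_message: str) -> list:
    """Return short finding codes for problems in the From / Return-Path headers.

    Codes: 'missing-from', 'from-without-address', 'return-path-mismatch'.
    """
    msg = message_from_string(raw_message)
    findings = []
    from_value = msg.get("From")
    if from_value is None:
        return ["missing-from"]
    _display_name, from_addr = parseaddr(from_value)
    from_domain = _domain(from_addr)
    if not from_domain:
        # RFC 5322 requires an addr-spec in From; a bare display name such as
        # "DHL Express" means the sender never set a real mailbox.
        findings.append("from-without-address")
        return findings
    return_path = msg.get("Return-Path")
    if return_path:
        _unused, rp_addr = parseaddr(return_path)
        rp_domain = _domain(rp_addr)
        # Weak signal only: bulk mailers legitimately use a separate bounce
        # domain, so treat a mismatch as a reason to look closer, not a verdict.
        if rp_domain and rp_domain != from_domain:
            findings.append("return-path-mismatch")
    return findings


# Constructed sample messages (not the campaign's real headers).
NO_ADDRESS = """From: DHL Express
To: recipient@example.com
Subject: Your parcel could not be delivered

Follow the instructions in the attached notice.
"""

WELL_FORMED = """Return-Path: <bounce@example.com>
From: "Example Shipping" <noreply@example.com>
To: recipient@example.com
Subject: Your order has shipped

Tracking is available in your account.
"""

ENVELOPE_MISMATCH = """Return-Path: <x1@mailer.example.net>
From: "Example Shipping" <noreply@example.com>
To: recipient@example.com
Subject: Delivery update

Your parcel is on its way.
"""

if __name__ == "__main__":
    for name, sample in (("NO_ADDRESS", NO_ADDRESS),
                         ("WELL_FORMED", WELL_FORMED),
                         ("ENVELOPE_MISMATCH", ENVELOPE_MISMATCH)):
        print(name, check_from_header(sample))
```

The check deliberately returns codes rather than free text so it can feed a mail-gateway rule or a SIEM lookup; a `from-without-address` hit is a strong indicator on its own, while `return-path-mismatch` should only raise a score.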


The link in the email opens the user's browser and directs them to a downloadable PDF file. The PDF shows content that appears to come from DHL and tells the user that a delivery has been redirected. To fix the problem, the user must again click on a link.

Once the user has clicked, they are led to a chatbot-like page, which is where the real phishing happens.

The fake chatbot

The page shown to the user at this point looks like a real chatbot page, but it isn't. It is in fact a web page that offers predefined answers to the user to "solve" the package delivery problem.

The user is shown some bot messages asking for confirmation of the package delivery. The conversation is scripted so that the user cannot type anything, but can only click on one of two answers: Yes or No (Figure C).

Figure C

Image: Trustwave. Fake chatbot page shown to the user, who needs to confirm the package number.


Once the Yes option is clicked, the user is asked whether they want the package delivered to their home or office. A picture of a damaged package is then shown to add legitimacy to the scam.

Finally, the bot tells the user that they need to fill in their delivery details, because DHL only has their name and phone number or email address on file.

A commonly used method to build trust with victims in a scam is to pile on apparent security measures, giving the victim a false feeling of being completely protected. That is done in the next step by presenting a captcha to the user. Just like the chatbot, the captcha is only an image and not a real captcha system (Figure D).

Figure D

Image: Trustwave. A fake captcha is presented to the victim.

The user is then asked for their email address, password and delivery address. Two different delivery dates are offered, each with a different small amount in USD to pay for the delivery (Figure E).

Figure E

Image: Trustwave. The user is shown a form to enter their email address, password and delivery address, and to choose a delivery price depending on the date.

Now that the user has "validated" a captcha, provided delivery information and possibly handed over their email credentials, the final stage of the attack asks the victim to provide their credit card information to pay for the package delivery (Figure F).

Figure F

Image: Trustwave. Credit card data collection page.

Once the victim has completed the form, they are shown a final page requesting a security code sent to their phone (Figure G).

Figure G

Image: Trustwave. A security code page is shown to the user.

At this point, the victim may notice that they never provided a phone number during this process, but may assume that DHL already had it on file.

No code is actually sent to any phone number, and entering random digits on the final page simply reloads the same page with a message that the security code is not valid. After five attempts, a confirmation page is shown stating that the submission was successfully received.

How to protect yourself from this threat

Emails should always be examined carefully, as they often contain details that should raise alarms. In this case, the From field was badly formatted and easy to spot.

Any suspicious email should be analyzed by a security team before clicking on any link or opening any file.

Email security solutions should also be deployed in order to detect phishing campaigns and suspicious emails.

The URL the browser is opening should also be checked carefully, as cybercriminals often register fake domains spoofing legitimate brands. In this case, the fraudsters used "dhiparcel" in the domain name. A careful examination would have led the user to see that it reads "DHI" and not "DHL": in many sans-serif fonts a lowercase "i" and a lowercase "l" are nearly indistinguishable, which is exactly what the fraudsters counted on.
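Look-alike domains of this kind can be caught before a user ever has to squint at them. The following Python script is an added example, not code from Trustwave or from the original article, and it generalises the "dhi for dhl" trick to other visually confusable character pairs (rn for m, vv for w, 1 for l, 0 for o, 5 for s). The brand watchlist, the allowlist of genuine domains and the sample URLs are assumptions constructed for illustration; a real deployment would load the watchlist and allowlist from verified data and use a public-suffix list instead of a naive label split.

```python
"""Spot brand look-alike hostnames such as dhiparcel (DHI, not DHL).

Added example; the brand watchlist, the allowlist and the sample URLs are
assumptions constructed for illustration, not data from the report.
"""
from urllib.parse import urlsplit

# Brands we want to protect (assumed watchlist).
BRANDS = ("dhl", "paypal", "microsoft")

# Registrable domains the brands genuinely use (assumed allowlist for this
# example; in practice this comes from a verified, maintained list).
ALLOWED_DOMAINS = ("dhl.com", "paypal.com", "microsoft.com")

# Character sequences that render alike in common fonts. Multi-character
# sequences are collapsed first so that "rn" becomes "m" before "i" becomes "l".
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("1", "l"), ("i", "l"),
               ("0", "o"), ("5", "s"))


def skeleton(text: str) -> str:
    """Collapse visually confusable characters so 'dhi' and 'dh1' both become 'dhl'."""
    s = text.lower()
    for lookalike, canonical in CONFUSABLES:
        s = s.replace(lookalike, canonical)
    return s


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert/delete/substitute), used for near-miss labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_allowed(host: str) -> bool:
    """True when the host is one of the genuine brand domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def lookalike_findings(url: str) -> list:
    """Return (kind, label, brand) tuples for every suspicious hostname label.

    kinds: 'brand-in-label'    the brand name appears verbatim in a non-allowlisted host
           'confusable-match'  the brand appears only after collapsing confusables
           'near-miss'         the label is one edit away from the brand
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host or is_allowed(host):
        return []
    findings = []
    # Naive split: every label except the last is inspected. A real deployment
    # would strip the public suffix (e.g. co.uk) with a public-suffix list.
    for label in host.split(".")[:-1]:
        label_sk = skeleton(label)
        for brand in BRANDS:
            brand_sk = skeleton(brand)
            if brand in label:
                findings.append(("brand-in-label", label, brand))
            elif brand_sk in label_sk:
                findings.append(("confusable-match", label, brand))
            elif len(label) >= 5 and levenshtein(label_sk, brand_sk) == 1:
                findings.append(("near-miss", label, brand))
    return findings


if __name__ == "__main__":
    # Constructed sample URLs, not links captured from the campaign.
    for sample in ("https://dhiparcel.example/track",
                   "https://www.dhl.com/track",
                   "https://dhl-delivery.example/",
                   "https://secure-rnicrosoft.example/login",
                   "https://paipal.example/",
                   "https://news.example.org/"):
        print(sample, lookalike_findings(sample))
```

Both the label and the brand are run through `skeleton()` before comparison, so a watchlist entry such as "microsoft" (which itself contains an "i") still matches the spoof "rnicrosoft". Hits of kind `brand-in-label` on a host that is not on the allowlist are the simplest to act on; `confusable-match` is what catches "dhiparcel".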

Browser security solutions should also be deployed in order to detect fraudulent domains.

Disclosure: I work for Trend Micro, but the views expressed in this article are mine.