RSA Uncovers Chat-in-the-Middle Phishing Scheme

By Brian Prince  |  Posted 2009-09-17

Researchers at RSA, EMC's security division, have uncovered a new phishing attack targeting online banking customers.

Dubbed "Chat in the Middle" by the RSA FraudAction Research Lab, the attack starts out like a common phishing ploy to dupe bank customers into giving up their usernames and passwords by luring them to an ordinary phishing site. However, when victims get there, a live chat support window appears that the attackers use to try to get more information via a live chat session.

"During the live chat session, the fraudster behind the attack presents himself as a representative of the bank's fraud department and attempts to dupe customers who are online into divulging sensitive information - such as answers to secret questions that are used for online customer authentication," RSA reports here. "This attack is currently targeting a single U.S.-based financial institution.

"It seems that the live chat window within this phishing kit is constantly changing," the RSA blog post continues. "Other versions that we tracked of the same kit featured different text messages in the chat window, and an interactive chat between the fraudster and phishing victims."

While the cyber-crook chats with the victim through the live chat window, the chat messages are processed in the background through a Jabber module on the perpetrator's computer that is used to manage the one-on-one chat on the back end.

So far RSA has only uncovered one instance of the attack, which is hosted on a well-known fast flux network rented out to fraudsters. Still, researchers are urging vigilance and have already contacted the affected financial institution (RSA has declined to identify the bank).
