New Phishing attack on online banking customers

BANGALORE, INDIA: A new unique type of phishing attack targeted against online banking customers was recently discovered by the RSA FraudAction Research Lab. RSA has coined this as a “Chat-in-the-Middle” phishing attack and it is first executed through routine means but then presents a more advanced layer of perpetrating online fraud.

The September Fraud report of RSA reveals how “Chat-in-the-Middle” Phishing Attack Attempts to Steal Consumers’ Data via “Bogus Live Chat Support” downloaded from the website.

Here are the highlights:

• The phishing attack may dupe bank customers into entering their usernames and passwords into an ordinary phishing site but the addition of a bogus live chat support window can obtain even more credentials via a live chat session initiated by fraudsters.
• During the live chat session, the fraudster behind the attack presents himself as a representative of the bank’s fraud department and attempts to dupe customers who are online into divulging sensitive information – such as answers to secret questions that are used for online customer authentication.
• While the fraudster chats with the victim through the bogus live chat window, the chat messages are processed in the background through a Jabber module located on the fraudster’s computer.
• Jabber is an open source instant messaging (IM) protocol which has recently been gaining popularity among fraudsters for the purpose of receiving stolen credentials in real-time.
• As previously reported by RSA, Jabber was being used by fraudsters to forward stolen credentials from infected computers in real-time from a Zeus Trojan’s drop server to Trojan herders. While the browser based chat window does not require victims to have Jabber or an IM application installed on their computer, Jabber is used by the fraudster to manage the one-on-one chat on the back-end.
• India is amongst the top ranking countries in terms of bulk of phishing attacks and also attack volume during August.