These are quick first looks and trend and threats


Read More >>
Written by the security and AV professionals from team K7, meant for the general audience
Read More >>
These are usually articles that go into internals of a virus or deal with security issues
Read More >>
Senior managers speak on areas of interest to them, inside and outside the industry
Read More >>

Phishers turn to live chat to snare victims

Online banking customers are being warned that phishing scammers are now utilising ‘Live Chat’ systems in order to extract crucial security details from unsuspecting users.

Phishers have long been trying to lure users to fake banking sites, designed to look like an exact replica of the targeted bank’s actual site, and attempting to prompt the user to disclose key information. Whilst advances in phishing protection measures found in many antivirus software packages and increased consumer knowledge have limited the success of phishing scams, online phishing scams are still a multi-billion dollar industry.

But in what seems to be the latest step in online banking fraud, findings from the RSA FraudAction Research Lab found that phishers are now utilising the power of ‘Live Chat’ instant messaging systems to get the information that they need.

Live Chat is a form of instant messaging used by a number of businesses that allow representatives to communicate directly with website visitors. The system is used predominantly for customer service purposes although there are no restrictions on how live chat software can be used.

In this example, RSA found that phishers behind a fake site were using live chat software to potential victims, posing as fraud prevention representatives.

The representative on the other end of the conversation will suggest at some abnormal activity on the account and request account information to address the supposed issue.

The advice to consumers is to remember that there is no reason why a bank or financial institution would ask for detailed security information regarding your account, other than login details and passwords that you have defined in order to access online banking services. These login details will not include information such as your mother’s maiden name or PIN. If you are asked to confirm these details either on a website or email, it is highly likely that the request is part of a part of a phishing scam.

Tags: , ,

Comments are closed.