Chatbot Army Deployed in Latest DHL Shipping Phish

Phishing emails intended to look like DHL communications are now coming loaded with a new twist – a version of a chatbot that helps drive targets to malicious links, according to a new report.

That is to say, it behaves like a chatbot, but behind the scenes, the scripts are pre-programmed to respond with stock phrases based on a victim’s answer, according to researchers at Trustwave who reported the phishing campaign tactic. But the effect is the same – targets think they’re talking to a live DHL representative.

After the victim clicks, the browser opens a PDF file with another link asking the person to “Fix delivery,” the Trustwave team reported. The chatbot will ask the victim to confirm a delivery address and tracking number, and it will even present a fake CAPTCHA to make everything seem legitimate. Eventually, the target will be asked to enter login credentials and credit card information, which are promptly harvested.

Because chatbots are widely used by brands to interact with customers online, end users aren’t suspicious of interacting with them, the Trustwave team added – making this a perfect social-engineering ploy.

“This is what the perpetrators of this phishing campaign are trying to capitalize on,” the chatbot phishing report added. “Aside from spoofing the target brand on the phishing email and website, the chatbot-like component [is what] slowly lures the victim to the actual phishing pages.”
