Phishing scam adds a ‘chatbot-like’ twist to steal credit card info and more

According to research released Thursday by Trustwave’s SpiderLabs team, a newly discovered phishing campaign is trying to help potential victims feel safe about sharing credit card numbers and other information.

The process includes a “chatbot-like” page that “attempts to engage and build trust with the victim” rather than simply embedding an info-stealing link directly into an email or attached document, according to The report.

“We say ‘chatbot-like’ because it’s not a real chatbot,” writes researcher Adrian Perez. “The app already has predefined responses based on the limited options given.”

Responses to the fake bot take the potential victim through a series of steps that include a fake CAPTCHA, a login page for a delivery service, and finally a page that captures credit card information.

The chatbot-like page of a recently discovered phishing campaign. Image: SpiderLabs

Like the fake chatbot, some of the other steps in the process aren’t very sophisticated. The CAPTCHA, for example, is just a jpeg file, according to SpiderLabs. But the credit card page is actually running some things in the background.

“The credit card page has some input validation methods. One is card number validation, in which it not only tries to verify the validity of the card number, but also determines the type of card the victim entered,” Perez writes.

The company says it discovered the campaign in late March and was still active Thursday morning.

The SpiderLabs report is just the latest warning about the creativity of cybercriminals who focus on credit card information. Trend Micro researchers warned in April that cybercriminals were using fake “security alerts” from popular banks in phishing schemes. Discussions about the use of phishing attacks to harvest credit card information increased on dark web forums last year, Gemini Advisory said in its annual report for 2021.

Another method – skimming card data directly from shopping websites – remains popular.

RiskIQ researchers said this week that they have seen a “steady increase” in skimming activity lately, and not everything is linked to known groups that use the notorious Magecart malware.

The FBI also issued an alert this week regarding a specific case of skimming identified in January 2022. The bureau did not comment on questions from The Record about where it obtained the tip.

Joe Warminsky is the editor of The Record. He has over 25 years of experience as an editor and writer in the Washington, DC area. More recently, he helped run CyberScoop for over five years. Before that, he was a digital editor at WAMU 88.5, NPR’s Washington affiliate, and he spent more than a decade editing Congressional coverage for CQ Roll Call.

Comments are closed.