Beware of Phishing: cybercriminals now use chatbots
➤Summary
The darknet has a new playground: Phishing with chatbots
Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to threat actors.
This approach automates the process for attackers and gives a sense of legitimacy to visitors of the malicious sites, as chatbots are commonly found on websites for legitimate brands.
How does it work?
Researchers have shared that recently cybercriminals have been using a sophisticated scheme of phishing.
- Hackers are sending potential victim legitimately looking email, saying there was an issue with a delivery. Indeed, due to Covid getting shopping done online is not a big deal and many of us wait for parcels to come.
- Victim is being asked to follow instructions in pdf file, that they attach to the email, to resolve the issue.
- Pdf file consists of some additional instructions and, what is most important, a link to chatbot that is promised to help managing delivery.
- Chatbot is guiding user in the most general, yet efficient way. It says that due to delivery issues recipient (victim) has to cover some minor additional costs and leads to a payment page.
- Payment page is done very legitimately and even said to support 3D Secure, meaning, sending one-time SMS messages to “confirm the payment”
Indeed, after this not only all data is left to cyber criminals, but also credit card details and all victim’s money on it.
Kaduu team encourages you to keep in mind this example and stay vigilante to phishing.
Your data might already be exposed. Most companies find out too late. Let ’s change that. Trusted by 100+ security teams.
🚀Ask for a demo NOW →Q: What is dark web monitoring?
A: Dark web monitoring is the process of tracking your organization’s data on hidden networks to detect leaked or stolen information such as passwords, credentials, or sensitive files shared by cybercriminals.
Q: How does dark web monitoring work?
A: Dark web monitoring works by scanning hidden sites and forums in real time to detect mentions of your data, credentials, or company information before cybercriminals can exploit them.
Q: Why use dark web monitoring?
A: Because it alerts you early when your data appears on the dark web, helping prevent breaches, fraud, and reputational damage before they escalate.
Q: Who needs dark web monitoring services?
A: MSSP and any organization that handles sensitive data, valuable assets, or customer information from small businesses to large enterprises benefits from dark web monitoring.
Q: What does it mean if your information is on the dark web?
A: It means your personal or company data has been exposed or stolen and could be used for fraud, identity theft, or unauthorized access immediate action is needed to protect yourself.