An intricate phishing scam is utilizing a “customer service” chatbot that walks its victims through filling out the various forms so that the attackers can steal their information, credit card numbers, and bank account information.
A new phishing scam that was recently found by MalwareHunterTeam is targeting Russian victims and pretending to be a refund of 159,700 ($2,100) for unused Internet and cellular services.
What makes the phishing scam so interesting is that it utilizes a chat bot that pretends to be a customer service agent to walk the victim through a series of screens and the information that they need to provide.
After submitting requested information such as the victim’s name, address, last four digits of passport number, and payment details, the fake support rep tells the victim that something strange has happened as their information cannot be found in the system.
It then asks the victim to resubmit the information.
This acts as a double-verify by the scammers to make sure that the victim is submitting the correct information. Even if you submit different information the second time, the chatbot will come back on and say your record was found.
It then proceeds to redirect the victim to another phishing site under the attacker’s control where they request they provide their name, phone number, and credit card info.
Any time a victim enters their credit card info, MalwareHunterTeam states that they will be shown an error stating:
“For security reasons, your Verified By Visa purchase has been prevented from being processed due to repeated entry of incorrect details. Your card/login has been blocked for online transactions at Verified By Visa merchants.”
At this point, the attackers have a victim’s email address, phone number, name, credit card info, and the last four digits of their passport number.
This is enough to perform identity theft, gain access to accounts via customer support numbers, and other malicious activity.
As always, never submit information on any site without first confirm that you are at the correct URL for the service being offered.
Furthermore, if you are being offered a refund for any service, contact that service directly to confirm it is not a scam before filling out any related information.