Chatting with a phisher
Security specialist RSA reports that, after Man-in-the-Middle attacks, online banking customers now face "Chat-in-the-Middle" attacks. According to RSA, customers of one particular US financial institution were recently lured to a conventional phishing page that prompted them for their user names and passwords. The page, however, also opened a web-based chat window to a phisher posing as a bank representative, who asked further questions, for example the "secret question" whose answer the bank uses as an additional authentication step. The phishers even requested telephone numbers and email addresses, potentially so that they could contact the victim again at a later date.
The entire attack was hosted on a fast flux network, which makes it harder to track down the attackers. Communication with the victim took place entirely in the web browser, so no messaging client was needed on the victim's PC; on their side, the phishers used the Jabber instant messaging protocol and a suitable client to talk to the phishing server. This setup allowed the criminals to ask questions in real time, while the victim was still on the page, and to use the answers immediately to compromise the account. RSA did not say whether there were any actual losses. According to the specialists, this has so far been the only attack of its kind. The case is being investigated by the authorities.