Hackers are using a new fake chatbot trick to steal your data — here’s how to keep yourself safe

Advertisement
Hackers are using a new fake chatbot trick to steal your data — here’s how to keep yourself safe
Pixabay
  • Hackers have found a new way to access people’s personal information.
  • They trick people into sharing their personal information through fake DHL delivery service chatbots.
  • Let's take a look at how fake chatbots are used to trick people.
Advertisement
Companies and websites use chatbots to provide customer support and build trust with the customers by assisting them. Researchers from Trustwave SpiderLabs have found that hackers use fake DHL chatbots to trick people. This new approach makes people fall into their trap and give their personal information.

The process to steal information is a multi step process. Hackers use an easy way to make people believe in them by mailing ‘failed DHL delivery’. In this fake chatbot method, one starts a conversation and then directs the person to the actual page by which they break into the information.

How do people fall into the trap?
This fraud process starts when the person clicks on the mail and gets directed to a fake DHL customer support page. The fake chatbot page is designed to build trust and keep people hooked. On this page, the user will get an option to choose between - fix delivery or the link given - both will redirect to the same website.
Complimentary Tech Event
Discover the future of SaaS in India
The 6-part video series will capture the vision of Indian SaaS leaders and highlight the potential for the sector in the decades to come.Watch on Demand
Our Speakers
Girish Mathrubootham
Brian E. Taptich

After choosing the option, a chat box will appear where the person is asked to confirm the tracking number. The fake chatbot will also ask for the delivery address and send you the image of the parcel to build confidence. The person is asked to click on the 'schedule delivery' option. However, to convince people that the page is not fake, a CAPTCHA box will be shown. The person will have to fill in the login credentials and payment information.

At last, if the person clicks on the pay now button, he/she will be asked to enter OTP sent on the mobile number. The page will show security code is no longer valid several times but on the fifth try, the person will be redirected to another page saying that the submission was successfully received.
Advertisement


What are the red flags?
  • The email received does not have a full email address component.
  • The application already has predefined responses based on the limited options given.
  • While clicking the 'Schedule delivery' option there is nothing else that is clickable except the confirm and close button.
  • If you check the CAPTCHA page source, it is nothing more than an embedded JPEG image file.
SEE ALSO:
Google's Imagen can use text to make images, paintings, CGI renders using AI — here are some pictures
Google’s new research on digital wellbeing needs your data to dig deeper into user behavior and reduce the risks of smartphone addiction
{{}}