Phishers On a Live Chat?
Symantec recently observed a phishing website spoofing an e-commerce brand’s live support website. Many legitimate brands make use of this facility, in which customers interact with support representatives by chatting online to resolve any issues with the brand’s products or services.
Fraudsters are always looking for new techniques in the hunt for users’ information. In many cases, phishing websites that target customers’ login credentials are created by spoofing the login page of the legitimate brand. In this latest case, the phishing site targets the same credentials by spoofing the brand’s live support page instead. The phishing site used bogus chat sessions to make the page look more authentic, giving customers the impression that the phishing website was interactive.
The phishing page asked for the customer’s ID and password and also prompted the customer to enter the question that he or she would like to ask the support representative. Once the customer entered the details and clicked the “Chat” button, the page redirected to a chat window.
The chat window stated that a support representative would soon be online to reach out to the customer. After a few seconds, a message was displayed stating that a particular representative was available to chat. The chat window also contained a timer below it to mimic the legitimate website (however, the timer was a fake and displayed bogus times).
Any message entered by the customer was left without a response. The chat window soon displayed a message that the representative had left the chat session. After a couple of minutes the chat session ended and the page displayed an email form. The page stated that online support was down for maintenance and prompted the customer to try again or leave a message for the support representative.
Though the page may look interactive, no human was ever involved: the entire chat session, including the timer, the representative’s “arrival” and the “representative has left” message, was scripted on the fraudster’s side. The phishing site was hosted on a free webhosting site.
Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:
• Do not click on suspicious links in email messages.
• Check the URL of the website and make sure that the domain itself belongs to the brand. The brand’s name appearing somewhere in the address (as a subdomain, in the path, or before an “@” sign) does not mean the site is the brand’s.
• Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link.
• Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing.
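The second tip above, checking that the URL really belongs to the brand, is harder than it sounds, because phishing hosts are built to contain the brand’s name while living on someone else’s domain. The following is an added example, not code from the original Symantec post, showing one way to make that check programmatically with the WHATWG URL parser that browsers and Node.js share. The brand domain “example-shop.com” and every link in the list are constructed placeholders, not observed phishing URLs.

```javascript
// Added example (not from the original post): decide whether a link's host
// genuinely belongs to a brand. "example-shop.com" is a placeholder brand.

/**
 * Return true only if `rawUrl` is an http(s) URL whose hostname is the brand's
 * registrable domain or a subdomain of it. Anything else, including the brand
 * name appearing as a subdomain of another domain, in the userinfo before '@',
 * in the path, under a different TLD, or in an unparseable string, is false.
 *
 * `brandDomain` must be the registrable domain (e.g. "example-shop.co.uk"),
 * never just a public suffix such as "co.uk", or the suffix match below would
 * accept every site under it.
 */
function urlBelongsToBrand(rawUrl, brandDomain) {
  let url;
  try {
    url = new URL(rawUrl);   // WHATWG URL parser, built into Node.js and browsers
  } catch (e) {
    return false;            // unparseable: do not trust it
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return false;            // javascript:, data:, etc. are never the brand's site
  }
  // url.hostname is already lowercased, has userinfo and port stripped, and is
  // converted to ASCII (punycode) for internationalized names, so a Cyrillic
  // look-alike such as "exаmple-shop.com" arrives here as "xn--..." and cannot
  // equal the Latin brand domain.
  const host = url.hostname;
  const brand = brandDomain.toLowerCase();
  return host === brand || host.endsWith('.' + brand);
}

// Constructed links (not observed data). The untrusted ones mirror the usual
// tricks for making a phishing host look like the brand's.
const BRAND = 'example-shop.com';
const LINKS = [
  'https://example-shop.com/support/chat',            // genuine
  'https://support.example-shop.com/chat',            // genuine subdomain
  'https://example-shop.com.free-host.example/chat',  // brand as subdomain of another domain
  'https://example-shop.com@free-host.example/chat',  // brand in userinfo, real host after '@'
  'https://free-host.example/example-shop.com/chat',  // brand only in the path
  'https://example-shop.co/chat',                     // different TLD
  'https://exаmple-shop.com/chat',                    // Cyrillic 'а' (U+0430) look-alike
  'javascript:alert(1)',                              // not a web link at all
];

/** Classify each link; returns [{ link, trusted }] in input order. */
function classifyLinks(links, brand) {
  return links.map((link) => ({ link, trusted: urlBelongsToBrand(link, brand) }));
}

for (const r of classifyLinks(LINKS, BRAND)) {
  console.log((r.trusted ? 'TRUSTED   ' : 'UNTRUSTED ') + r.link);
}
```

The check deliberately compares the parsed hostname, not the raw string: a substring search for the brand name would accept every one of the untrusted links above, which is exactly the mistake the phishing page is designed to exploit.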