Trustwave has encountered an interesting phishing website containing an interactive chatbot. Unlike many phishing websites, this one establishes a conversation first and guides the victim, bit by bit, to the actual phishing pages. According to Trustwave, the information gathered from the conversation includes the victim's username, location, and operating system. This is a unique way of phishing and unique to Trustwave's investigation.
Trustwave found this particular phishing page after a client reported the malicious website. The site had been online for approximately one year at that time and was hosted on an IP address in Shanghai. The information provided by the interactive chatbot indicated that this site had been up and running for over a year before it was discovered by the client. It is possible that the bot existed before this but had not yet been discovered or reported.
"Who's using the bot?"
The "chatbot" is used to harvest information from unsuspecting users.
The bot is linked to phishing pages that are available for download for those who "like" the page on Facebook. Once a user has logged in, Facebook credentials can be harvested to log into the phishing accounts and access data from there.
Although it may not be clear from the article, this is just one example of a machine-learning bot that uses information gathered in order to determine whether or not a user is genuine. The behavior of each user and their response is recorded before an assessment can be made about their potential interest in clicking on links sent by the chatbot or downloading links sent out by other users.