Hackers have developed a new way to steal people’s information. According to researchers from Trustwave SpiderLabs, the attackers use fake DHL chatbots to trick people. What is the consequence? Those who fall for it will provide their personal information.
The fraud process begins when a person clicks on the mail that comes with the subject ‘failed DHL delivery.’ If the person clicks on the mail, he or she will be directed to a fake DHL customer support page. There, the user will get an option to click ‘fix delivery’ or ‘the link given.’ Both will redirect to the same website.
Once the user chooses the option, a chatbot will appear to confirm the tracking number. The fake bot will also ask for the delivery address and send the user an image of the parcel to gain confidence. The page will also have a CAPTCHA box to reinforce the user’s trust. The user will be asked to click on the ‘schedule delivery’ option and fill in login credentials and payment information.
If the user clicks on the ‘pay now’ button, he or she will be asked to enter the OTP sent to the mobile number. However, the page will continue to show that ‘the security code is no longer valid’, and on the fifth attempt, the user will be redirected to another page saying that the submission was received. By then, the user will have fallen into the trap.
How can you spot the fake chatbot? The email received will not have a full email address component. The application will already have predefined answers. Once you click the ‘schedule delivery’ option, there will be nothing except the ‘confirm and close’ button. The CAPTCHA page source will have nothing more than an embedded JPEG image file.
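Two of these signs, the incomplete sender address and the CAPTCHA that is only a JPEG image, can be checked automatically. The sketch below is an added example, not code from the Trustwave research. The function names, the "captcha" label match and the sample inputs are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser

# A complete address needs a local part, "@", and a dotted domain.
ADDR_RE = re.compile(r"[^@\s<>]+@[^@\s<>]+\.[^@\s<>]+")


def sender_lacks_full_address(from_header: str) -> bool:
    """True when the From header carries no complete local@domain address."""
    _, addr = parseaddr(from_header)
    return ADDR_RE.fullmatch(addr) is None


class _CaptchaScan(HTMLParser):
    """Notes JPEG images labelled as a CAPTCHA and any script/iframe tags."""

    def __init__(self):
        super().__init__()
        self.static_jpeg = False  # an <img> labelled "captcha" with a JPEG source
        self.active = False       # a script or iframe that could load a real challenge

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("script", "iframe"):
            self.active = True
        elif tag == "img":
            label = " ".join(a.get(k, "") for k in ("id", "class", "alt")).lower()
            src = a.get("src", "").lower()
            is_jpeg = src.startswith("data:image/jpeg") or \
                src.split("?")[0].endswith((".jpg", ".jpeg"))
            if "captcha" in label and is_jpeg:
                self.static_jpeg = True


def captcha_is_static_image(page_html: str) -> bool:
    """True when the 'CAPTCHA' is only a JPEG image with no challenge code behind it."""
    scan = _CaptchaScan()
    scan.feed(page_html)
    return scan.static_jpeg and not scan.active


# Constructed sample inputs (not taken from the real campaign).
FAKE_PAGE = ('<div><img id="captcha" src="data:image/jpeg;base64,/9j/4AAQ">'
             '<input name="code"></div>')
REAL_PAGE = ('<div><script src="https://captcha.example/api.js"></script>'
             '<img class="captcha" src="c.jpg"></div>')
```

A match on either check is a reason to treat the message as suspicious, not proof on its own. Legitimate pages can also show a static image, so combine the result with the other signs above.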
So, the next time you get a failed delivery link, check before you click!