After a user accesses the phishing site, the chat window messages come through the browser and not via a typical instant messenger application, RSA said in a blog post.
The chat window is displayed if the log-in credentials are typed in or if any other link on the page is clicked, said Sean Brady, an online fraud expert at RSA.
The scammer claims to be from the bank's fraud department and says that the bank is requiring members to validate their accounts, asking for additional information such as name, phone number, and e-mail address, according to screenshots. That information could be used to get access to accounts and money online or over the phone.
Scammers now implementing live chat to attacks
Posted on Friday, September 18 2009 @ 2:38 CEST by Thomas De MaesschalckRSA FraudAction Research Team warns online scammers are now using attacks with live chat windows to steal bank account information:
