RSA warns of new "chat-in-the-middle" attacks

Security researchers have discovered a new kind of phishing threat for online banking customers, which they have dubbed a ‘Chat-in-the-Middle’ attack.

The RSA FraudAction Research Lab outlined the incident, which has so far occurred at only one US-based financial institution, in its monthly intelligence report for August and coined the new phrase to describe it.

The attack started off as a routine phishing venture, with customers encouraged to enter their user name and password into a regular phishing site using scam emails. Once they had undertaken this activity, a bogus live chat support window popped up and fraudsters introduced themselves as members of the bank’s fraud department who needed customers to validate their details.

The malicious individuals then attempted to dupe them into divulging sensitive personal information such as name, email address and phone number as well as answers to secret questions used for authentication purposes.

RSA Security informed the bank of what was happening as soon as it discovered the incident and its Anti-Fraud Command Center and FraudAction service initiated standard phishing attack shut-down procedures. The attack took place from a well-known fast-flux network, which is hired for use by different fraudsters, and hosts a range of malicious web sites.

Unfortunately, however, it looks like the number of such fast-flux-based attacks is only set to increase. A huge 38 percent jump in the quantity of such activity in August meant that the month saw the highest number of phishing attacks ever at 16,164.

This figure compares with the last peak in April 2008, when 15,002 such attacks occurred. Assaults from fast-flux networks accounted for 73 percent of attacks last month, up from 61 percent the previous month. Hijacked websites came second at 18 per cent.

"I believe that within a year we'll also see this attack used in Trojans, making it even more dangerous: you log into your real bank website, and all of the sudden the bank wants to talk to you," argued RSA's head of new technologies, Uri Rivner.

"You simply don't know that behind the scenes there's a Trojan residing on your desktop, intercepting the session and automatically triggering a chat box with a fraudster half across the globe. Many will fall for that".