"Live chat" bank scam aims to steal account info: Internet Scambusters #503
A clever new bank scam exploits our familiarity with live chat boxes by popping up on screen while you're actually visiting your bank's website and asking for your account details.
Another trick uses the same tactic to try to lure victims into transferring money into a crooked bank account.
We have details of both scams in this week's issue, together with the steps you can take to ensure you don't get caught out.
Now, here we go...
Convincing Bank Scam Uses Bogus Chat Box
A new and particularly convincing bank scam involving a bogus chat box is popping up on virus-infected PCs.
Appropriately called the chat box scam, it's convincing because it only appears when you actually visit your bank's website.
We're all familiar with live-chat boxes that sometimes pop up when you visit retail sites, asking if you need help with your purchase.
So it may seem no surprise to the unwary when a box opens on screen during an online banking session -- but this one's sole purpose is to steal your highly valuable bank account details.
The attack comes from a piece of malware nicknamed Shylock that victims unknowingly download onto their PCs via attachments or bogus web links.
Then it sits quietly on the computer until the user visits their bank website when it springs to life -- first flashing up a message supposedly from the bank telling you it's running a security check.
According to Trusteer, the online security company that discovered this bank scam, the following message then appears:
(Begin bogus message)
The system couldn't identify your PC You will be contacted by a representative of bank to confirm your personality. Please pass the process of additional verification otherwise your account will be locked. Sorry for any inconvenience, we are carrying about security of our clients.
(end of message)
Okay, the poor English is somewhat of a giveaway but if you don't spot that -- after all, you'll be panicking anyway -- you could be totally taken in by what happens next.
Now a blank "live chat" box opens with the message: Please wait, someone will be with you shortly.
Finally, the supposed chat is initiated, with the victim being asked to provide bank account details.
Trusteer says it's even possible that the malware, working in the background, could be simultaneously logged onto another website, making a purchase, for which you unwittingly key in your account details for payment or to immediately effect a money transfer from your bank.
"This is yet another example of the ingenuity of fraudsters and their ability to exploit the trust relationship between users and applications provided by their online service providers," says Trusteer.
"This attack could conceivably be used against enterprises and their employees, with the attacker posing as an IT help desk technician."
Up-to-date Internet security software should foil any attempt to install this malware on your computer in the first place.
But if you do encounter this kind of live chat box while visiting your bank, a genuine customer support agent would never ask for your password and almost certainly would not even ask for your account number.
After all, the bank already has those details.
Regardless, if you receive this type of message, it's probably best to log-off and phone your bank to see if they did encounter a problem.
In fact, few if any banks would actually use a chat box. Banks go to great lengths to maximize security and the only pop-up you're likely to see is one telling you your online banking session timed out and you need to sign on again.
Even then, we always recommend closing and reopening your browser and starting a new session, rather than simply re-entering your sign-on details.
Bank Scam #2 -- Bogus Fraud Insurance
While we're on the subject of bank scams, here's another new one identified by Trusteer.
This time, ironically, the scam offers free credit card fraud insurance.
Once again, it originates from a virus (nicknamed Tatanga) that victims are tricked into downloading.
The pop-up it generates while you're on your bank's web page claims to be offering the fraud insurance deal in partnership with major card providers like Visa and MasterCard.
It's a clever piece of malware because it actually reads your bank balance from the website and presents it as the sum you'd be insured for.
Of course, in reality, that figure would not be relevant if you were taking out genuine insurance but because it matches your account, it helps convince victims that it must be coming from the bank.
Next, it presents users with what is supposed to be a new insured account number to which they have to transfer 5,000 euros ($6,500) in order to activate it.
According to a recent article on PC World's website, this is actually an account operated by a money mule -- an accomplice or stooge -- who then wires the money, untraceably, to the scammer.
The 5,000 euros figure is the maximum a bank will allow to be transferred without flagging an alert.
The scam has so far only been seen in Europe -- hence the euros denomination -- but Trusteer warns that it might eventually find its way to the US because it uses the Spanish language.
Whether you're in Europe or the US, the best way to avoid this scam is simply not to respond to pop-up offers while you're on your bank's website. Phone them instead -- or speak to an insurance agent about fraud protection.
These two tricks underline the growing sophistication of the online fraudsters.
If you do your banking online or have any reason to visit their website, beware of those pop-ups. If it requests any account details, chances are high it's a bank scam.
That's it for today -- we hope you enjoy your week!