New phishing scam uses chatbots to gain trust

Fake DHL emails which use chatbots to drive victims to malicious phishing links is the latest threat to be uncovered by researchers working for cyber security firm Trustwave. 

The email is a message – purportedly from DHLexpress (although the ‘From’  is tellingly missing from the email header) informs the recipient of a package that cannot be delivered “due to an exceptional situation beyond our control. Or because access to the delivery address impossible.” 

The recipient is then urged to click on a red box which reads: ‘Please follow our instructions.’ Clicking on this box opens up a browser and directs the recipient to a downloadable PDF file which directs the target to another link asking the person to “Fix delivery” the Trustwave team reported. 

A chatbot-like page then attempts to engage and establish trust with the victim to confirm a delivery address and tracking number, and it will even present a fake CAPTCHA to make everything seem legitimate.  

Eventually, the target will be asked to enter in login credentials and credit card information, which is then harvested. 

Because chatbots are widely used by brands to interact with customers online, end users aren’t suspicious of interacting with them, the Trustwave team added — making this a perfect social-engineering ploy. 

Trustwave added that the phishing email was first detected by its team of researchers on 25 March and while the actual application is still active it is now using a newly registered domain.