Cyber security news for all

More

    Hackers Masquerade as Live Chat Support Agents in New Phishing Scheme

    In a cunning new phishing scam, hackers are posing as legitimate live chat support agents for popular platforms like Etsy and Upwork, tricking unsuspecting victims into revealing their credit card and banking information.

    According to a research blog released Wednesday by the US-based cybersecurity firm Perception Point, these phishing attacks exploit the trust users place in live chat support. Unlike typical phishing scams, this campaign uses real humans to interact with victims in real time, making it harder to detect.

    “This human element adds a new layer of deception, making them increasingly harder to identify,” the research team stated.

    The scammers primarily target small business owners, such as Etsy sellers or Upwork freelancers, who rely on these platforms to sell their goods and services.

    Fake Etsy Payment Page

    The research indicates that hackers first create a fake web page identical to the platform’s payment page, where business owners usually collect earnings from sales.

    When the victim clicks on a button to verify the payment, they are redirected to another fake page resembling one from a popular payment processing platform like Stripe.

    On this “spoofed Stripe page,” the victim is prompted to enter their credit card information. However, upon submitting, they receive an error message.

    At this point, the victim’s credentials are already compromised, having been sent directly to the attacker, Perception Point explained.

    Spoofed Stripe Page

    What makes this scam even more malicious and convincing is the live chat support feature on the fake Stripe page. This button connects the victim to a human agent ready to extract even more sensitive information.

    “The phisher posing as the site’s support strictly instructed our researchers to click on the provided link and enter their bank details,” Perception Point reported.

    The phishing kit used in this scam is described as “sophisticated” and “versatile,” with spoofing templates that can be repeatedly used across multiple platforms, including Etsy, Reverb, and Behance.

    “One iteration even uses a PNG file with a QR code to further disguise the nature of the attack,” the researchers noted.

    Human-Operated Live Chat Support

    To safeguard against such phishing attacks, the research recommends several measures:

    1. Verify Authenticity: Always verify communications with support teams by contacting them directly through official channels.
    2. Avoid Unsolicited Links: Never click on unsolicited links or QR codes. Instead, navigate to the site directly through a browser.
    3. Check URLs: Always check a website’s URL for legitimacy. Phishing sites often have spelling errors, missing letters, or grammatical mistakes in the domain name.
    4. Use Multi-Factor Authentication: Employ multi-factor authentication and stay informed about the latest phishing trends.

    By following these precautions, online users can better protect themselves from falling victim to these sophisticated phishing schemes.

    Recent Articles

    Related Stories