Banking Trojan hijacks live chat to run real-time fraud
A new strain of financial malware is hijacking live chat sessions in a bid to hoodwink business banking customers into handing over their banking login credentials or into authorizing fraudulent transactions.
The assault – which targets business banking customers rather than consumers – kicks in when a victim logs into their online banking application.
Sessions are suspended, supposedly to run security checks (on the pretext that the “system couldn’t identify your PC”). Then a web-chat screen is presented to victims. But instead of talking to a customer service rep, the mark is actually chatting to cybercrooks, who will attempt to hoodwink victims into handing over login credentials or other information needed to authorize fraudulent transactions. Unbeknownst to the victims, the fraudsters are relaying authorization data to the victim’s bank during their conversation, carrying out a concurrent fraud in real time.
Please be aware that UFCU at present does not conduct any live chat sessions with members and that any such sessions pretending to be from UFCU is a fraud. Never give personal information through such channels. Call us at (800) 847-4283 if ever in doubts.