THE 2024 STATE OF PHISHING REPORT IS PUBLISHED! READ THE REPORT HERE

Solutions
Solutions
By Channel

Read the company overview to learn more about how Perception Point provides unparalleled prevention of advanced cyber threats across all attack vectors.

Email
Email

Advanced Email Security

Internal Emails

Outbound Email Security

Security Awareness Training

Download this complimentary Gartner report.

Enterprise Browser

Download the Advanced Browser Security datasheet.

Cloud Collaboration
Cloud Collaboration

Cloud Collaboration Apps

Business Communication

Cloud Storage

Read the brochure to learn more about Advanced Cloud Collaboration Security.

Web Apps & File Uploads

Check out the solution paper on Advanced Threat Protection for Web Apps.

By Platform
By Platform

Microsoft 365

Google Workspace

Salesforce

AWS S3

Zendesk

Read this case study to see how we helped a high-tech enterprise secure 3 collaboration channels: MS Teams, OneDrive, and SharePoint.

By Attack Type
By Attack Type

Phishing Prevention

Quishing Prevention

BEC Prevention

Account Takeover Prevention

Malware Detection

Zero-days & N-days Detection

Read the company overview to learn more about how Perception point provides unparalleled prevention of all attacks across email, web browsers and cloud collaboration apps.

Detection Technology
Detection Technology

AI Threat Prevention

HAP – Next-Gen Sandbox

Anti-Evasion Technology

Read the company overview to learn more about how Perception point provides unparalleled prevention of all attacks across email, web browsers and cloud collaboration apps.
Services
Services
Incident Response

The X-RAY

Reporting

End User Reporting

More Services
Learn more about Perception Point’s Managed Service.
Partners
Partners
Partnerships
Partnerships

Channel Partners

MSP/MSSP Partners

Technology and Alliance Partners
Technology and Alliance Partners

Microsoft

AWS

Salesforce

SentinelOne

Crowdstrike
Learn more about the Perception Point Partner Program. Protect your customers from all threats across top attack vectors with one platform.
Resources
Resources
Guides
Guides

AI Security

BEC

Browser Security

BYOD

Cloud Storage Security

Cybersecurity

Email Security

Endpoint Security

Incident Response

Malware

Phishing

Ransomware

Zero Trust

Blog

Keep up with Perception Point’s updates and new offerings on our blog, here.

Case Studies

Learn how Red Bull augmented Microsoft EOP to prevent attacks in the case study, here.

Datasheets

Access the datasheet to learn about the use cases, technical specifications, and the key features of our Security Browser Extension

Whitepapers

Access the whitepaper to get a comprehensive guide to understanding and preventing business email compromise attacks

Reports

Download the 2023 Gartner Market Guide for Email Security.

Webinars

Check out our webinar in cooperation with Forrester — “Rethinking Email Security: Why Traditional Approaches Fail and Why You Can’t Afford to Ignore it”

ROI Calculator

Use this calculator to assess the potential benefit of deploying Perception Point with just 3 variables. We will do the rest for you.
Company
Company
About Us

News

Press

Events

Careers
Read the company overview to learn how Perception Point provides unparalleled prevention of all attacks across email, web browsers and cloud collaboration apps.
Languages
Languages
English

Français

Español

Deutsch

Perception Point » News » New Phishing Scheme is Built Around Legitimate-looking Chatbots

July 16, 2024

New Phishing Scheme is Built Around Legitimate-looking Chatbots

Tech researchers uncover new live person, chatbots that are out to steal your data in whole new ways.

Is there no length to which a scammer will not go to exploit innocent consumers? Apparently not.

New research by cybersecurity company Perception Point revealed a sophisticated phishing attack exploiting the trust users place in live chat support on sites like Etsy, Behance, Upwork, and Reverb – sites that, until now, have basically been scam-free.

Pretending to be a representative of these sites, these hackers are targeting business owners and people who are doing their little side hustles selling things, attempting to claim payment for goods or services the site had provided.

The set-up is to lure them into clicking on a “verify” button to claim their payment. Once clicked, however, victims are prompted to enter their credit card details on a spoofed site page, all the while chatting with what seemed to be real, trustworthy support agents.

Researchers at Perception Point told ConsumerAffairs that what sets this phishing campaign apart is the use of real-time human responses instead of scripted, artificial intelligence-driven chatbots. “This human element in phishing attacks adds a new layer of deception, making them increasingly harder to identify,” the researchers said.

Beware of the chat icon

Despite the initial phishing page dressed up like a fairly standard multi-stage phishing attack, the researchers were intrigued by a number of things — one being a chat box at the bottom.

And that button is where the anguish begins. Once a person clicks on it, a real life scammer begins their ruse, chatting in real time just like they might if someone were on Google’s support site chat.

When the researchers engaged with the chat, they were sent a link in the chat, told to click on it, and enter their bank details. And that’s where everything goes south.

How to stay safe

Live chat has become a preferred method for customer service. However, it also opens the door for cybercriminals to launch phishing attacks. Motti Elloul, vice president of Incident Response at Perception Point, told ConsumerAffairs here’s how you can protect yourself:

Verify authenticity: Always confirm that the live chat representative is from a legitimate source. Look for signs like verified badges or initiate the chat through the official website.
Avoid sharing sensitive information: Never share personal or financial details over live chat. Legitimate companies will not ask for such information through this channel.
Look for red flags: Be wary of urgent language, unsolicited requests, and grammatical errors. These are common indicators of phishing attempts.
Use security tools: Employ security software that can detect and block phishing attempts. This adds an extra layer of protection against potential threats.
Educate yourself: Stay informed about the latest phishing tactics. Awareness is your first line of defense.
Watch the links: If you see a hyperlink that might be suspicious, always proceed with caution. If you have any doubts, do not click.

This article first appeared in ConsumerAffairs, written by Gary Guthrie on July 15, 2024.

Don't miss out on any industry updates.

Sign up for our newsletter!

TALK TO SALES

Ready to Try
Perception Point?

Learn More

From Threats to Trends: Highlights from Perception Point’s H1 2024 Report

Cybersecurity is a constant cat-and-mouse game, with threat actors always refining their tactics to create more sophisticated and complex attacks, pushing defenses to evolve (ideally) even more quickly.

Rewriting Hysteria: Rising Abuse of URL Rewriting in Phishing

In recent months, threat actors have discovered a troubling new method to exploit URL rewriting, a feature intended to protect users by replacing links in emails. By manipulating these rewritten URLs, attackers mask highly evasive phishing links behind trusted domains of security vendors, effectively bypassing detection. This abuse has led to a critical surge in advanced phishing attacks that leverage the very tools developed to prevent them.

Operation “Uncle Scam”: AI-Powered Phishers Abuse Microsoft Dynamics 365 to Target US Government Contractors

Attackers (Crowd)Strike with Infostealer Malware

This blog examines an infostealer malware campaign that targets Israeli companies, leveraging the CrowdStrike incident to lure victims into downloading a fake update.

Two-Step Phishing Campaign Exploits Microsoft Office Forms

Attackers are abusing Microsoft Office Forms to launch sophisticated two-step phishing attacks. Office Forms are now being leveraged by threat actors to trick targeted users into divulging their Microsoft 365 (M365) credentials.

How Perception Point Leads the Charge in Email Security: A Frost & Sullivan Recognition

The report recognizes Perception Point for introducing key innovative features that set it apart from competitors and being one of the fastest-growing email security vendors