A report by Limor Kessem, a security advisor for IBM, showed how cyber criminals are employing a new tactic of using live chats to extract banking and personal information directly from victims in Brazil.
The report describes how the attack begins with an email, sent to the target victim, that contains a link. The link takes the victim to a fake webpage that emulates the victim’s bank website. The victim is then social engineered into divulging critical information through a live chat on the fake website.
Since the criminals are online, they can check the information as it is provided and push an error message to the target if it is not correct.
In the end, the victim is notified that the update was successful but that they should wait 24 hours before logging in to their account. This gives the criminals time for their fraudulent transactions to clear before the user realizes.