Fwd: A new scam


Thomas Finner

Aug 1, 2012, 7:05:09 PM
to The net with no name

Convincing Bank Scam Uses Bogus Chat Box
<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>~<>

A new and particularly convincing bank scam involving a bogus
chat box is popping up on virus-infected PCs.

Appropriately called the chat box scam, it's convincing
because it only appears when you actually visit your bank's
website.

We're all familiar with live-chat boxes that sometimes pop up
when you visit retail sites, asking if you need help with your
purchase.

So it may seem no surprise to the unwary when a box opens on
screen during an online banking session -- but this one's sole
purpose is to steal your highly valuable bank account details.

The attack comes from a piece of malware nicknamed Shylock
that victims unknowingly download onto their PCs via
attachments or bogus web links.

Then it sits quietly on the computer until the user visits
their bank website when it springs to life -- first flashing
up a message supposedly from the bank telling you it's running
a security check.

According to Trusteer, the online security company that
discovered this bank scam, the following message then appears:

(Begin bogus message)

The system couldn't identify your PC
You will be contacted by a representative of bank to confirm your personality.
Please pass the process of additional verification otherwise your account will be locked.
Sorry for any inconvenience, we are carrying about security of our clients.

(end of message)

Okay, the poor English is somewhat of a giveaway but if you
don't spot that -- after all, you'll be panicking anyway --
you could be totally taken in by what happens next.

Now a blank "live chat" box opens with the message: Please
wait, someone will be with you shortly.

Finally, the supposed chat is initiated, with the victim being
asked to provide bank account details.

Trusteer says it's even possible that the malware, working in
the background, could be simultaneously logged onto another
website, making a purchase, for which you unwittingly key in
your account details for payment or to immediately effect a
money transfer from your bank.

"This is yet another example of the ingenuity of fraudsters
and their ability to exploit the trust relationship between
users and applications provided by their online service
providers," says Trusteer.

"This attack could conceivably be used against enterprises and
their employees, with the attacker posing as an IT help desk
technician."

Up-to-date Internet security software should foil any attempt
to install this malware on your computer in the first place.

But if you do encounter this kind of live chat box while
visiting your bank, remember that a genuine customer support
agent would never ask for your password and almost certainly
would not even ask for your account number.

After all, the bank already has those details.

Regardless, if you receive this type of message, it's probably
best to log off and phone your bank to see if they did
encounter a problem.

In fact, few if any banks would actually use a chat box. Banks
go to great lengths to maximize security and the only pop-up
you're likely to see is one telling you your online banking
session timed out and you need to sign on again.

Even then, we always recommend closing and reopening your
browser and starting a new session, rather than simply
re-entering your sign-on details.



JoaniE.
Life is Good
