Have You Heard Of The New Hack Attack Called Chat In The Middle?


Unfortunately for professionals in the online security field, people are too easily fooled by hackers' tricks.

Even a trick that common sense says nobody should fall for can still be an effective attack for the cyber criminal.


Confidence Is Everything

It is similar to security offline, when a person is able to get past the security guards by having the right look and the uncanny ability to lie confidently to another person.

If you watch any of the Ocean's 11-13 movies, you will see this done, of course in Hollywood fashion.

It is the same for people online.

If you give users the right look and merely seem authentic, they will trust you without verifying the information.

People will very rarely look at the address bar when they go to a site after they click the link.

They will look at the graphics on the site and if it looks familiar they will interact with the site.

Something, Something Phishy

Phishers have used this weakness against the online web surfer for a couple of years now.

They start by taking the graphics off of a web site, which is easy to do.

They then create their own version of the same site on a different web host.

After the site is set up, they start sending out links in a variety of ways to get people to come to the site.

Most people will ignore the request, but the few who don't are enough to keep this form of business alive.

Once they are at the site, the users give the phishers all of the personal data about themselves that the bad guys will ever need.

It is then just a matter of time before they use that data to do harm.

Stuck In The Middle With You

Recently the phisher community has decided to step its game up.

Instead of just copying the web site of a known bank, they now add a pop up that shows on the page.

This type of attack is known as a chat in the middle attack.

The pop up is an IM chat client that tells the person that they may be involved in a serious security risk.

The pop up will then ask the person to give them their information so that they can see if any of their accounts have been affected.

Once that information is given, the pop up then goes away and the person is redirected to the real version of the bank’s web site that they were trying to get to in the first place.

This is a real problem and has become a very popular way to phish people out of their data.

When you are surfing the web, you will have to be aware that dangers can come in all forms.

Even if they seem unlikely to be an attack, if there is even the slightest thing wrong, then it is probably an attack.

When you want to visit your bank’s web site, do not click the link in an email or another site.

Type the bank's web address directly into the browser.

This will take you directly to the bank’s site.

Nine times out of ten, if you are directly on the bank's site then there will not be a problem.
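The address-bar check described above can also be done by software, for example in a mail filter or helpdesk tool. The sketch below is an added example, not part of the original article; the domain `bank.example`, the `TRUSTED_DOMAINS` list and the function name are assumptions made for illustration, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: the domains the user really banks with.
TRUSTED_DOMAINS = {"bank.example"}

# Constructed sample links, as they might appear in an email.
SAMPLE_LINKS = [
    "https://www.bank.example/login",        # the real site
    "https://bank.example.evil.test/login",  # bank name used as a subdomain
    "https://bank.example@evil.test/login",  # bank name placed before '@'
    "https://evil.test/bank.example/login",  # bank name only in the path
    "http://www.bank.example/login",         # right host, no TLS
]

def link_verdict(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason), judging only the host the browser would contact."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    if has_userinfo:
        return False, "text before '@' hides the real host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode host, possible lookalike characters"
    for domain in trusted:
        # Exact match or a true subdomain; a bare suffix match is not enough.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is not a trusted domain"

def review(links):
    """Map each link to its verdict so a filter can log why it was rejected."""
    return {link: link_verdict(link) for link in links}

if __name__ == "__main__":
    for link, (ok, reason) in review(SAMPLE_LINKS).items():
        print("ALLOW" if ok else "BLOCK", link, "-", reason)
```

Only the first sample link passes; the others look familiar at a glance but resolve to a different web host or lack HTTPS.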

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
