'Hi, how can we scam you today?' -- Office 365 phishing site comes with live chat support
An increasingly common -- and frankly rather annoying -- feature of many commercial websites is the little chat box that pops up in the bottom right corner and asks if you need any help.
Security researcher Michael Gillespie has revealed that an Office 365 phishing site is using this live support technique to give its page an air of legitimacy.
As BleepingComputer reports, the site isn't particularly convincing, but it seems likely that if scammers see results from this technique they will get better at using it over time.
Once a victim starts a chat session, the scammers use social engineering to extract the information they need to hijack the victim's Office 365 account.
Tim Sadler, CEO and co-founder at phishing protection specialist Tessian, says:
This is an example of advanced spear phishing -- attackers masquerade as a legitimate and well-trusted company in an attempt to defraud unknowing targets. Using Microsoft's live chat support to extract information is particularly cunning. Most targets won't suspect that the Microsoft page is not legitimate, and will therefore not be suspicious when asked to disclose personal information to the 'support agent.' This is not the first time we've seen productivity tools being exploited to defraud unwitting targets. Recently, we reported in our blog that attackers have started to use Microsoft Forms to bypass security systems and extract data from users.
The overall lesson is that users have to be educated on the different and ever-evolving forms of phishing scams, and security solutions need to be able to adapt and evolve to sophisticated threats.
The fake chat session was hosted using the Tawk.to service. The abuse has been reported to Tawk.to, and the fraudster's account has been terminated, at least temporarily.
The key takeaway here is not to assume that features like support sessions make a website legitimate.