Chatbots Are Being Used in the Latest Cyber Scams
Chatbots have been used in scams before, but this time, scammers are adding a twist. How do chatbot scams work?
May 23 2022, Published 8:13 a.m. ET
Scammers have found creative ways to steal people’s personal information, and now they’re using chatbots. How can you avoid chatbot scams?
Chatbots, common on websites such as Amazon and eBay, can help customers solve order issues. But now, hackers have found ways to use them for malicious purposes.
How do chatbot scams work?
The latest chatbot scam involves a fraudulent email from mailing company DHL. (DHL is not itself associated with the scam.) The email states that you have a pending parcel delivery but there's an issue with your DHL shipment. The email contains a link for recipients to click on to resolve the issue.
When the person clicks the link, they’re redirected to a false DHL customer support page. There, a chatbot loads up, like a genuine customer support chatbot. The fraudulent bot will first ask the target to pass a Captcha check, which is fake and meant to make the website look more legitimate. After the captcha, the site visitor will be asked to submit their login credentials for their DHL account, along with their credit card information.
Once you've entered your personal information, a payment gateway verifies if the card is valid and then redirects you to another page that resembles a one-time password page. Except with this fake one-time password page, whatever numbers are put in the box will work. After the numbers are submitted, a confirmation page will pop up. At that point, the scamming party has the victim’s credit card information.
If you've fallen for this scam, it’s best to reach out to your bank immediately and report the issue. If the scammer made any transactions with your credit card information, you should be able to get a refund. If you're actually expecting a package from DHL, check its website, DHL.com, and contact the DHL customer support.
How to avoid chatbot scams
Avoid suspicious emails, and never open suspicious links. If you’re not sure whether an email is legit, visit the company’s website and contact its support. Also, beware of chatbots when visiting suspicious websites.
Never submit your credit card information, especially if you’re not purchasing a product. If you feel that you may be on a fake website, check the url. Also, never continue a discussion with a chatbot if it’s making odd statements such as “you won a prize” or asking you for confidential information.