Security News > 2022 > May > Phishing websites now use chatbots to steal your credentials
Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to threat actors.
The URL button in the PDF takes the victim to a phishing site where they are supposed to resolve issues causing a package to be undeliverable.
When the phishing page loads, visitors are greeted with a web chat explaining why the package could not be delivered instead of being shown a fake login form commonly used to steal credentials.
The delivery is supposedly scheduled, and a bogus CAPTCHA step is displayed to act as one more false send of legitimacy to the phishing page.
Next, the victim is redirected to a phishing page that requires entering DHL account credentials and finally, leading to a payment step, supposedly to cover the shipping costs.
As always, the best way to spot a phishing page is to examine the URL for the website.