FARMERS BRANCH, Texas (11/15/12)--Fake chat boxes are a part of the pop-up scams in the latest variation of the Citadel banking Trojan scheme designed to part unsuspecting consumers from their personal information and money while making online banking transactions.
News Now reported Wednesday about browser malicious software (malware) that can inject fake pop-ups on online banking sites. The fake pop-ups trick users into re-entering their bank and credit union account logins and passwords. (See related News Now article: Fake pop-ups injected into online banking transactions).
The Association of Certified Fraud Examiners (ACFE) has more information about a slightly different twist on the pop-up scams--messages posing as chat boxes from the institution's online banking site, according to the Texas Credit Union League (LoneStar Leaguer Nov. 5).
The league explained how the fake chat boxes work. The Internet user is on the credit union or bank's website when a pop-up message flashes. It says, "We are running a security check." The live chat box then pops up with a message that informs the user a representative will be available shortly. Then the "representative"--the scammer--begins a live online chat session with the unsuspecting victim, who discloses confidential account information.
ACFE says scammers target computers that have had previous malware infections, which victims download unknowingly through fake Web links or attachments. After the malware downloads, it stays dormant until the victim opens the online banking site.
The same advice works for both the fake pop-ups and the fake chat boxes. ACFE advises using updated software to prevent malware from embedding itself in a computer. Credit unions can reemphasize that financial institutions never ask for personal identification information because they already have the information.
ACFE said anyone who encounters the scam should turn off the computer and call the financial institution. Consumers also should run a security check for other viruses or malware.