Phishing websites now use chatbots to steal your credentials

Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to threat actors. This approach automates the process for attackers and gives a sense of legitimacy to visitors of the malicious sites, as chatbots are commonly found on websites for legitimate brands. This new development in phishing attacks was discovered by researchers at Trustwave, who shared the report with Bleeping Computer before publication. The phishing process begins with an email claiming to contain information about the delivery of a parcel, masquerading as the DHL shipping brand. Clicking on the'Please follow our instructions' button in the email loads a PDF file that contains links to the phishing site.