New Phishing Attack Integrates Live Chat

Written by Sue Walsh on September 24, 2009


A new phishing attack has added a surprising twist to the traditional scheme. The messages themselves are nothing new: they are made to look like they came from a major U.S. bank and direct the victim to click on the included link to verify or update their account. The twist comes when the victim arrives at the fake site. When they log in or click any link on the site, a chat window opens and an “operator” explains that, due to new security procedures, they must provide even more information, such as name, address, phone number and email address. The chat is browser-based and works via the open source Jabber IM protocol.

Security experts have named this new technique “chat-in-the-middle” and say it is hosted on a fast flux network, a service that lets cybercriminals host their malicious sites and malware in exchange for a monthly fee. These networks work like botnets, with thousands of computers ready to take over serving the malicious page when another is shut down or blocked.
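Fast-flux hosting as described above leaves a recognizable DNS pattern: one hostname resolving to many short-lived addresses spread across unrelated networks. The Python below is an added example, not part of the original post, that scores passive-DNS observations for that pattern; the record layout, thresholds, hostnames and addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network
from statistics import median

# Assumed thresholds, chosen for illustration; tune against your own DNS baseline.
MIN_IPS = 5        # distinct addresses seen for one name
MIN_NETS = 4       # distinct /16 networks those addresses fall in
MAX_TTL = 300      # a median TTL (seconds) at or below this counts as short

def summarize(observations):
    """Group (query_time, name, ip, ttl) tuples into per-name statistics."""
    by_name = defaultdict(lambda: {"ips": set(), "ttls": [], "sets": defaultdict(set)})
    for when, name, ip, ttl in observations:
        rec = by_name[name.lower().rstrip(".")]
        rec["ips"].add(ip)
        rec["ttls"].append(ttl)
        rec["sets"][when].add(ip)
    stats = {}
    for name, rec in by_name.items():
        nets = {ip_network(f"{ip}/16", strict=False) for ip in rec["ips"]}
        # Churn: share of consecutive lookups whose answer set changed completely.
        answers = [rec["sets"][t] for t in sorted(rec["sets"])]
        pairs = list(zip(answers, answers[1:]))
        churn = sum(1 for a, b in pairs if a.isdisjoint(b)) / len(pairs) if pairs else 0.0
        stats[name] = {"ips": len(rec["ips"]), "nets": len(nets),
                       "median_ttl": median(rec["ttls"]), "churn": churn}
    return stats

def likely_fast_flux(stats):
    """Return the names that meet all three assumed thresholds, sorted."""
    return sorted(n for n, s in stats.items()
                  if s["ips"] >= MIN_IPS and s["nets"] >= MIN_NETS
                  and s["median_ttl"] <= MAX_TTL)

# Constructed sample data: private 10.0.0.0/8 addresses stand in for resolver answers.
SAMPLE = [
    (t, "login.bank-verify.example", f"10.{t * 2 + k}.7.{20 + t}", 120)
    for t in range(4) for k in range(2)
] + [
    (t, "www.stable-site.example", "10.200.1.10", 3600) for t in range(4)
]

if __name__ == "__main__":
    for name, s in summarize(SAMPLE).items():
        print(name, s)
    print("flagged:", likely_fast_flux(summarize(SAMPLE)))
```

Large content delivery networks also rotate addresses with short TTLs, so a flagged name is a lead for review rather than a verdict.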

This type of attack is brand new, but if it’s successful, you can bet that it will become more and more widespread and perhaps be used in other types of attacks as well.
