For years, chatbots have been a useful tool to help automate customer-facing applications. But what happens if the chatbot goes rogue?

Recent reports have revealed that this may have happened to the Comcast / Xfinity chatbot. First, there were incidents of Xfinity email outages. Next, some reported that if you try to resolve the issue via chat, a rogue chatbot may engage with you. The impersonator chatbot then tries to redirect you to a malicious page that asks you to divulge your credit card number.

Could this be related to the massive breach that involved 35.9 million Comcast Xfinity broadband entertainment platform customers? While this story is still developing, it wouldn’t be the first time chatbots were recruited for online scams.

There are a variety of ways chatbots are being used to spread malware and/or obtain sensitive information. Here’s what to watch out for.

Hacking Bing

Bing Chat has quickly become one of the world’s leading AI chatbots. Millions of people use it every day. One feature of Bing Chat is that ads can be inserted into the conversation. For example, a user can hover over a link and then an ad is displayed.

Malwarebytes reported on a case where Bing Chat ads were being hijacked by nefarious actors. In this scam, when the user’s cursor hovers over a legitimate link, a dialog box appears showing a malicious ad:

Image source: Malwarebytes

Clicking on the malicious ad leads users to a website (mynetfoldersip[.]cfd) that tries to single out real victims and filter out bots, sandboxes and security researchers. The filtering checks IP addresses, time zones and other system settings, such as web-rendering characteristics that reveal a virtual machine.

Actual human users are eventually redirected to another fake site (advenced-ip-scanner[.]com) that mimics an official page, while others are sent to a decoy page. Victims are then invited to download malware that looks like legitimate software.
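Defanged indicators like the two above are what a blue team usually gets from a report such as this one. The Python below, added here as an example and not code from Malwarebytes or the article's author, pulls defanged hostnames out of free text, refangs them so a blocklist can use them, and flags lookalikes of a watchlist of legitimate domains by edit distance (which catches both the misspelled label in advenced-ip-scanner[.]com and same-name copies on another TLD). The watchlist contents, the "last two labels" registrable-domain heuristic and the distance threshold of 2 are assumptions made for the example.

```python
import re

# Constructed watchlist of legitimate domains the defender cares about
# (assumption for the example; load it from a brand/software inventory in practice).
# Advanced IP Scanner is the product the article's second lookalike domain imitates.
LEGIT_DOMAINS = ["advanced-ip-scanner.com", "xfinity.com", "comcast.com"]

# Defanged indicators appear as example[.]com, example(.)com or example{.}com.
DEFANG_RE = re.compile(r"\[\.\]|\(\.\)|\{\.\}")
DEFANGED_HOST_RE = re.compile(
    r"\b[a-z0-9-]+(?:(?:\[\.\]|\(\.\)|\{\.\})[a-z0-9-]+)+\b", re.I
)


def extract_defanged(text: str) -> list[str]:
    """Pull defanged hostnames out of free text such as a threat report."""
    return DEFANGED_HOST_RE.findall(text)


def refang(ioc: str) -> str:
    """Turn 'advenced-ip-scanner[.]com' back into a hostname a blocklist can use."""
    return DEFANG_RE.sub(".", ioc.strip().lower())


def registrable(host: str) -> str:
    """Crude registrable-domain extraction: the last two labels.
    Assumption for the example; production code should consult the public suffix list."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(ioc: str, legit_domains=LEGIT_DOMAINS, max_distance: int = 2):
    """Return (verdict, domain, closest_legit_domain).

    'legitimate' when the registrable domain is on the watchlist,
    'lookalike' when its second-level label is within max_distance edits of a
    watchlisted label (this also catches same-name copies on a different TLD),
    'unknown' otherwise."""
    domain = registrable(refang(ioc))
    if domain in legit_domains:
        return ("legitimate", domain, domain)
    label = domain.rsplit(".", 1)[0]
    best_dist, best_legit = None, None
    for legit in legit_domains:
        dist = levenshtein(label, legit.rsplit(".", 1)[0])
        if best_dist is None or dist < best_dist:
            best_dist, best_legit = dist, legit
    if best_dist is not None and best_dist <= max_distance:
        return ("lookalike", domain, best_legit)
    return ("unknown", domain, None)


if __name__ == "__main__":
    # Constructed excerpt written in the style of the article's own indicators.
    report = ("Clicking the ad leads to mynetfoldersip[.]cfd; real users are then "
              "sent on to advenced-ip-scanner[.]com.")
    for ioc in extract_defanged(report):
        print(ioc, "->", classify(ioc))
```

The first domain comes back as "unknown" (it resembles nothing on the watchlist, so it is a candidate for plain blocklisting), while the second is reported as a lookalike of advanced-ip-scanner.com; a real deployment would widen the watchlist and add homoglyph normalisation before the distance check.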

Fake AI chatbot scams

Scammers are also taking advantage of the rising popularity of AI chatbots, like Google’s Bard. These scams are easy to miss because they blend in with the tsunami of AI-related products and services on offer right now.

According to Google, two different scammer groups created social media pages and ran ads that encouraged people to “download” Bard. But Bard is a freely available generative AI tool that does not need to be downloaded.

Scammers used Google’s logos, trademarks and product names as part of their scheme. The ads lure targets to a phony website designed to look like it’s affiliated with Google. On the site, visitors are encouraged to download software to use Bard, but it’s really malware.

It’s worth noting that Google is suing the bad actors instead of just reporting them to the authorities. The company says that “lawsuits are an effective tool for establishing a legal precedent, disrupting the tools used by scammers, and raising the consequences for bad actors.” Google says it has filed roughly 300 takedowns related to this group of bad actors.

Other chatbot scams

Some chatbot-based scams aren’t really chatbots at all. In one scam, criminals sent phishing emails impersonating DHL.

Image source: Trustwave
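The DHL lure is a brand-impersonation email: a trusted name in the display name, a link that leaves the brand's domains, and often link text that shows one URL while the href goes somewhere else. The Python below, added here as an example and not code from Trustwave or the article's author, checks a raw message for those three signs using only the standard library. The brand-to-domain map and both sample messages are constructed for the example (they are not the real Trustwave samples), and the "last two labels" registrable-domain heuristic is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the defender keeps a map of brand keywords to the domains the
# brand really sends from and links to. Constructed for the example.
BRANDS = {"dhl": {"dhl.com", "dhl.de"}}

# Constructed message in the style of the DHL lure described above (not a real sample).
PHISH_EML = """\
From: "DHL Express" <notice@parcel-status-update.example>
To: customer@example.org
Subject: Your parcel is on hold - action required
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your shipment could not be delivered. Chat with our assistant to release it:</p>
<p><a href="http://parcel-status-update.example/chat?ref=1">https://www.dhl.com/track</a></p>
</body></html>
"""

# Constructed benign message for comparison.
LEGIT_EML = """\
From: "DHL Express" <noreply@dhl.com>
To: customer@example.org
Subject: Your parcel has been delivered
Content-Type: text/html; charset=utf-8

<html><body><p><a href="https://www.dhl.com/track?ref=2">Track your parcel</a></p></body></html>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Last two labels; an assumption for the example (use the public suffix list in production)."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyze(raw_message: str):
    """Return a list of (finding_code, detail) tuples; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1]
    brand = next((b for b in BRANDS if b in display_name.lower()), None)
    findings = []

    # 1. Display-name spoofing: the name claims a brand the sender domain does not belong to.
    if brand and registrable(sender_domain) not in BRANDS[brand]:
        findings.append(("sender-domain", f"'{display_name}' sent from {sender_domain}"))

    payload = msg.get_payload(decode=True) or b""
    body = payload.decode(msg.get_content_charset() or "utf-8", errors="replace")
    collector = LinkCollector()
    collector.feed(body)

    for href, text in collector.links:
        href_host = urlparse(href).hostname or ""
        # 2. A brand-themed message whose links leave the brand's own domains.
        if brand and registrable(href_host) not in BRANDS[brand]:
            findings.append(("link-domain", f"link to {href_host} in a message impersonating {brand}"))
        # 3. Visible URL text that disagrees with the real destination.
        shown = re.match(r"https?://([^/\s]+)", text)
        if shown and registrable(shown.group(1)) != registrable(href_host):
            findings.append(("link-text-mismatch", f"shows {shown.group(1)} but goes to {href_host}"))
    return findings


if __name__ == "__main__":
    for label, eml in (("phish", PHISH_EML), ("legit", LEGIT_EML)):
        print(label, analyze(eml))
```

Run against the constructed lure the checker reports all three findings; the benign message produces none. In a mail gateway the same checks would sit beside SPF/DKIM/DMARC results, which this example leaves out, and the brand map would be far larger.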

From there, the malicious link connected to a fake chatbot that eventually requested sensitive information like the user’s email and password:

Image source: Trustwave

And credit card data, of course…

Image source: Trustwave

A similar scam has also been luring Facebook users under the guise of an account cancellation message. In this case, an actual Facebook chatbot is used, which then redirects targets to a fake site that asks for sensitive information.

Image source: Trustwave

Here’s how they try to get users to give up their passwords:

Image source: Trustwave

Use chatbots with caution

As with any online engagement, interacting with a chatbot should be done with the utmost caution. Always think twice, or even three times, before you click, download or provide private personal information.

To learn how IBM X-Force can help you with anything regarding cybersecurity, including incident response, threat intelligence or offensive security services, schedule a meeting here.

If you are experiencing cybersecurity issues or an incident, contact X-Force to help: US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.
