Your browser is obsolete!

The page may not load correctly.

The rules of ”basic hygiene”

Правила гигиены

Other issues in this category (99)
  • add to favourites
    Add to Bookmarks

Attacks carried out on chatbots

Read: 9316 Comments: 0 Rating: 2

Friday, March 24, 2023

Today, chatbots are an effective tool for businesses to communicate with their customers. Unfortunately, their simplicity and convenience attract not only honest users but also cybercriminals. So, bots that are used to actively interact with a large audience are at risk and can become targets for hacker attacks.

Fake authenticity

Hackers create fake chatbots that seem genuine and use them to commit fraud. They can send phishing links or request confidential information from users, pretending to be official representatives of a bank, company, etc.

False details

After hacking a legitimate chatbot that collects funds legally, attackers can arrange for user payments to be accepted to a fake account. At the same time, the service interface will not change in any way; it’s just the details that will change, and all the money will go to the scammers.

Buffer overflow

Hackers may try to overload a chatbot's buffer by entering large amounts of text or code to temporarily disable it or even paralyse it completely.

SQL injections

Criminals can use SQL injections to access the database used by a chatbot and steal confidential information: personal user data or payment data.

Session hijacking

To gain unauthorised access to a user's account, attackers can try to intercept and steal the authentication tokens used to log in to a chatbot.

Malicious scripts

Cybercriminals can send specially created scripts that run inside a chatbot and perform various tasks, such as gaining access to confidential data or spreading viruses.

Faked DNS

Hackers can implement DNS attacks to redirect traffic from a chatbot to their server, where they can intercept and collect information about users.

Intercepted HTTPS connection

To steal information that is transmitted between a chatbot and a user (logins, passwords and other confidential data), attackers can use techniques for intercepting HTTPS connections.

Fake charity

If a channel has access to an audience that trusts it, it's a tempting morsel for hackers. After taking possession of such a channel, attackers can, for example, on behalf of a brand or a reputable blogger, send emails containing appeals to transfer money for “good” purposes.

The Anti-virus Times recommends

Owners of chatbots should be careful and take the measures necessary to protect their systems and users:

  • Regularly check for updates for all the programs and plugins that you use, including the platform used to create your chatbot. Often, updates include patches for security vulnerabilities.
  • Use SSL encryption to protect transmitted information. This shields you from eavesdropping and data spoofing.
  • Only grant authorised users or specific IP addresses access to your bot.
  • Use authentication for users to prevent unauthorised access.
  • Keep API keys and passwords in a safe place and don't give them to anyone. Use strong passwords and change them regularly.
  • Regularly check logs to identify suspicious activity and take measures to prevent it.

Doctor Web's specialists also advise chatbot users to stay vigilant:

  • Never provide a chatbot with sensitive information such as passwords, social security numbers, or financial data.
  • When downloading a chatbot, check the source: the developer of the program must be a well-known and trusted company.
  • Do not follow links that may look suspicious or that can be sent from unfamiliar users.
  • If possible, protect your account with a password to prevent unauthorised access to it.
  • Consider using two-factor authentication, which requires additional code when logging in to your account.
  • Periodically check your accounts and transactions to quickly detect any suspicious activity.
  • Regularly update the software to eliminate vulnerabilities that can be exploited by attackers.
  • Never send money via a chatbot unless you are completely sure of its authenticity and reliability.

#DDoS_attack #hacking  #data_loss_prevention #messenger #fraud #personal_data #vulnerability 


Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.