Skip to main content
NEW Advanced Threat Defense now includes AI-powered URL analysis Learn more →
Foundational 2 min read

How Chatbots Became a Phishing Tool

Brad Slavin
Brad Slavin CEO
Updated April 17, 2026 | Updated for 2026

Quick Answer

Whenever someone develops technology to help people, you can be sure that eventually, _hackers will figure out some way to use that same technology to phish people_. Such is the case now with customer service chatbots.

Share

Whenever someone develops technology to help people, you can be sure that eventually, hackers will figure out some way to use that same technology to phish people. Such is the case now with customer service chatbots.

_Customer service chatbots are software-driven instant messaging apps which are designed to convince you that you are having a conversation with a real perso_n. They are frequently found on ecommerce websites as a first line of customer support.

It is not uncommon when you interact with a chatbot the response will include instructions to click on a link (in the window) and enter information. It’s that simple chatbot interaction that hackers have seized upon to launch a phishing attack.

According to an article on Bleeping Computer, “An intricate phishing scam is utilizing a ‘customer service’ chatbot that walks its victims through filling out the various forms so that the attackers can steal their information, credit card numbers, and bank account information.”

This is how it works. “After submitting requested information such as the victim’s name, address, last four digits of passport number, and payment details, the fake support rep tells the victim that something strange has happened as their information cannot be found in the system. It then asks the victim to resubmit the information. It then proceeds to redirect the victim to another phishing site under the attacker’s control where they request, they provide their name, phone number, and credit card info.”

It’s getting to the point now where you can’t completely trust any link you click on. No matter where it is. And that’s why you need technology to protect you from these clever phishing attacks. Technology like that available from Phish Protection

Phish Protection is cloud-based email security software which protects entire organizations from phishing attacks. Phish Protection comes with the following features:

  • Smart Quarantine protection
  • Real-time link click protection
  • Display name spoofing protection
  • Domain name spoofing protection
  • Malicious attachment blocking
  • Simple dashboard control 

Phish Protection requires no hardware, software or maintenance. It sets up in 10 minutes, works with all the major email services, and costs only pennies per user per month. And the best part is, it comes with 24/7 live technical support. No chatbots here.

Try Phish Protection risk free for 30 days.

Topics

Phishing
Brad Slavin
Brad Slavin

CEO

Founder and CEO of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

LinkedIn Profile →

Protect your inbox from phishing attacks

Advanced email security for your organization. 60-day free trial — no credit card required.

Start Free Trial View Pricing
DMARC Report Monitor and enforce DMARC across all your domains
AutoSPF Automatic SPF flattening — fix "too many DNS lookups"

Related Articles

Foundational 5m

0ktapus – Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks

Foundational 4m

13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization

Foundational 4m

All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center

Foundational 4m

2021 Phishing Trends You Need To Be Wary Of