If you are a frequent visitor to the internet, you may notice a new trend on your favorite websites. Vendors, service providers and even government agencies have been rapidly deploying chat-based features to field requests from sales to support. Much like social media-based chat services, these applications are designed to field humanly readable requests and respond using an artificial intelligence (AI) engine and a defined script to respond to inquiries.
In fairness, there are many designs for these services, and some, classified as conversation marketing and not chatbots, actually route you to a live person to provide a response. It is typically unknown to the user if they are getting a real person or a machine. With a little social engineering, a threat actor can determine which one is behind the scenes. Regardless of human or machine, there are some interesting security risks to chat-based services.