Phishing - New Tactic Uses LiveChat for Data Theft
Basically, scammers are using real chat tools to trick people into giving away personal information.
A new phishing campaign is using LiveChat tools to steal sensitive user data. Attackers impersonate support agents from major brands, tricking victims into revealing personal information. Users must remain vigilant against these sophisticated scams.
What Happened
A new phishing campaign has emerged, utilizing the popular customer service platform LiveChat to deceive users. Instead of traditional phishing emails leading to fake websites, attackers now engage victims in live chat sessions. This method creates a more convincing interaction, making it difficult for users to detect the scam. Victims believe they are communicating with legitimate support agents from trusted brands like PayPal and Amazon.
The attackers lure victims through carefully crafted emails that promise refunds or order confirmations. These emails contain links that lead to pages hosted on the legitimate LiveChat domain, making the deception even more effective. Researchers at Cofense uncovered this campaign after analyzing various phishing email variants, each designed to exploit human psychology.
Who's Being Targeted
The phishing campaign targets users of well-known brands, particularly those who may be expecting refunds or updates on orders. By preying on common consumer concerns, such as financial transactions and order statuses, attackers create a sense of urgency. For example, one email claimed a $200 refund was pending, prompting users to click on a link for more details. This tactic exploits the natural curiosity and urgency that many consumers feel.
The use of LiveChat as a medium allows attackers to engage users in a way that feels personal and immediate. As victims interact with what they believe is a real customer service agent, they are more likely to provide sensitive information, such as credit card details and personal identification.
Signs of Infection
Victims may not realize they are being targeted until it’s too late. Signs of infection include receiving unsolicited emails about refunds or order confirmations, especially those that direct users to a chat link rather than an official website. During the chat, requests for personal information, such as email addresses, phone numbers, or credit card details, should raise immediate red flags.
Additionally, users should be cautious of any chat interactions that seem off, such as poor grammar or unusual requests. Attackers often use misspellings and awkward phrasing, which can indicate that the chat is not from a legitimate source. If users are asked for multi-factor authentication (MFA) codes or sensitive data through chat interfaces, they should disengage immediately.
How to Protect Yourself
To safeguard against this type of phishing attack, users should adopt a cautious approach. Always verify the authenticity of unsolicited emails, especially those that require action. Avoid clicking on links in emails; instead, navigate directly to the official website of the service in question.
Organizations should monitor for any outbound traffic to lc[.]chat domains and block known malicious URLs associated with this campaign. Security teams must educate employees about the risks of phishing and encourage them to report any suspicious communications. By remaining vigilant and informed, users can better protect themselves from these increasingly sophisticated attacks.
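As an illustration of the monitoring step above, the following added example (not from Cofense or the original article) scans web-proxy log lines for requests to lc[.]chat and its subdomains while ignoring lookalike hostnames. The log format, client addresses, hostnames, and paths are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit


def refang(indicator):
    """Turn a defanged indicator such as lc[.]chat back into a matchable string."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


WATCHED_DOMAIN = refang("lc[.]chat")  # the domain named in the article

# Constructed sample; assumed line format: timestamp client method target
SAMPLE_LOG = """\
2024-01-01T09:00:01Z 10.0.0.5 GET https://sub.lc.chat/placeholder
2024-01-01T09:00:07Z 10.0.0.5 CONNECT sub.lc.chat:443
2024-01-01T09:01:12Z 10.0.0.9 GET https://www.example.com/orders
2024-01-01T09:02:30Z 10.0.0.7 GET https://notlc.chat/login
2024-01-01T09:02:31Z 10.0.0.7 GET https://lc.chat.example.net/refund
2024-01-01T09:03:44Z 10.0.0.8 GET https://LC.CHAT./placeholder
"""


def host_of(target):
    """Hostname from a full URL or a CONNECT-style host:port target."""
    if "://" not in target:
        target = "//" + target  # lets urlsplit see host:port as a netloc
    try:
        return (urlsplit(target).hostname or "").rstrip(".")
    except ValueError:  # malformed target, e.g. unbalanced IPv6 brackets
        return ""


def is_watched(host, domain=WATCHED_DOMAIN):
    """Match the domain and its subdomains only, not lookalikes."""
    return host == domain or host.endswith("." + domain)


def find_hits(log_text):
    """Map each client address to the (timestamp, host) pairs that matched."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed format
        ts, client, _method, target = parts
        host = host_of(target)
        if is_watched(host):
            hits[client].append((ts, host))
    return dict(hits)
```

Because the pages sit on the legitimate LiveChat domain, a hit is a lead to correlate with a recent refund or order-themed email to the same user, not proof of compromise on its own.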
Cyber Security News