Phishing scams use LiveChat to impersonate brands, steal data

A new phishing scam is leveraging LiveChat software to impersonate well-known brands like Amazon and PayPal, tricking victims into revealing sensitive information, according to Cofense. Threat actors are using real-time chat interactions to bypass security measures and steal credit card details, as reported by HackRead.

The scam begins with deceptive emails, some mimicking PayPal refund notifications for $200 or generic order confirmations. These emails contain links directing users to a live chat interface, branded to look like legitimate customer support. Cofense researchers observed fake agents, often using unprofessional language, engaging victims in conversation.

During these chats, attackers solicit personally identifiable information (PII), banking details including credit card numbers and CVC codes, and even multi-factor authentication codes. This real-time interaction bypasses traditional security protocols by creating a sense of authenticity, as users are accustomed to using live chat for customer service.

Source: HackRead