What happened
Attackers are abusing the LiveChat customer support platform in a phishing campaign that impersonates major brands like Amazon and PayPal to steal sensitive user data. Researchers from Cofense Phishing Defense Center (PDC) identified that threat actors initiate real-time conversations with victims through chat interfaces, creating a sense of trust and urgency. During these interactions, victims are tricked into providing account credentials, credit card details, multi-factor authentication (MFA) codes, and other personally identifiable information (PII). The campaign relies on social engineering rather than malware, using legitimate-looking support conversations to extract data directly from users. Researchers noted that these tactics make phishing attacks harder to detect because they mimic genuine customer support experiences.Â
Who is affected
Users interacting with fraudulent LiveChat sessions impersonating trusted brands such as Amazon and PayPal are affected, particularly those who provide sensitive personal or financial information during these conversations.Â
Why CISOs should care
The campaign shows how attackers are shifting phishing techniques toward real-time, interactive channels that increase trust and reduce traditional detection signals associated with email-based attacks.Â
3 practical actions
- Monitor customer support channels for abuse. Detect unauthorized or impersonated chat interactions targeting users.Â
- Educate users on support-based phishing. Reinforce that legitimate support teams will not request sensitive data like MFA codes or full payment details.Â
- Verify brand communication channels. Ensure official customer support endpoints are clearly defined and protected against impersonation.Â
For more coverage of major incidents and threat activity, explore our reporting on Cyberattacks.
