Attackers have found yet another innovative way to conduct phishing attacks by abusing the customer support platform LiveChat, using real-time social engineering to steal a range of sensitive user data This article explores phishing threats longer. . Cobi Aloia and Mark Deomampo of the Cofense PDC wrote in a blog post that the campaign shows how attackers are always coming up with new ways to make phishing threats that "are no longer easy to spot."
Phishing is one of the oldest security threats to user endpoints, but it still works very well because attackers use simple but effective psychological tricks.
Related: The Data Gap: Why Cyber Incidents at Nonprofits Don't Get Enough Attention The researchers said that the attacks use a number of different but common phishing methods, such as brand impersonation, social engineering, credential theft, and identity theft, among others. They said that these methods "show how quickly threats are changing and coming together." Two Ways to Attack, Same Result Cofense found two different ways that the campaign could attack, both of which use the psychological tricks of urgency, pretending to be trusted brands, and abusing LiveChat interactions to get customers to give up their data.
They wrote in the report that this "makes the phishing attempt feel like real-time customer service, which makes the victim less careful and increases the chances of stealing their credentials and data."
Commercial Spyware Opponents Fear of US Policy Changes Researchers say that stopping these attacks requires more than just software- or machine-based security. It also needs human-driven analysis that combines "expert-level threat hunters, real-time intelligence, and user reports to find and stop evolving attacks before they do damage." The blog post gives defenders specific indicators of compromise (IoCs) for both of the malicious emails used in the campaign to help them find the LiveChat-driven attacks.
