A new phishing campaign is using real customer service software to steal sensitive user data. Attackers have been using LiveChat, a popular Software-as-a-Service (SaaS) platform that businesses use to provide real-time customer support, to trick people into giving them their personal information. The campaign is a clear shift away from traditional phishing methods and toward ones that seem more personal and are harder to spot.
This method is different from most phishing emails because it puts victims in a live chat window where they think they are talking to a real support agent from companies like PayPal or Amazon.
The setup is meant to make every interaction feel real, so it's hard to tell the difference between a real customer service session and a well-made trap.

[Figure: Email 1: Billing Information and Credit Card Information (Source: Cofense)]

After the victim filled out the last MFA form, they were sent to the LiveChat window, where they were told that the refund was on its way.

[Figure: CC MFA and Confirmation Message (Source: Cofense)]

People and businesses should be careful with any unsolicited email about refunds or order confirmations, especially if it comes through a chat link instead of an official brand website.
If someone asks for your MFA codes, credit card numbers, or birth dates through any chat interface, that is a major red flag, and you should end the conversation right away.
Security teams are advised to monitor outbound traffic to lc[.]chat domains and block any known malicious URLs linked to this campaign to lower the risk.
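One way to do the outbound monitoring described above, as an added example that is not from the original article or from Cofense: it scans proxy log lines for requests to the lc.chat domain and its subdomains, matching on a label boundary so look-alike hosts are not flagged. The log format, client addresses, and hostnames in the sample are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def refang(indicator):
    """Turn a defanged indicator such as 'lc[.]chat' back into a plain hostname."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")

WATCHED = refang("lc[.]chat")  # domain named in the article

# Constructed sample proxy log; assumed format: "<timestamp> <client_ip> <method> <url>"
SAMPLE_LOG = """\
2024-01-01T09:00:01Z 10.0.0.5 GET https://a.lc.chat/session
2024-01-01T09:00:07Z 10.0.0.5 GET https://example.com/help
2024-01-01T09:01:12Z 10.0.0.9 GET https://notlc.chat/login
2024-01-01T09:02:30Z 10.0.0.9 GET https://lc.chat.example.net/x
2024-01-01T09:02:41Z 10.0.0.9 GET https://lc.chat@example.org/
2024-01-01T09:03:44Z 10.0.0.7 GET https://B.LC.CHAT./session
truncated line
"""

def is_watched(host, suffix=WATCHED):
    """True for the watched domain or any subdomain, matched on a label boundary."""
    host = host.lower().rstrip(".")  # normalise case and a trailing FQDN dot
    return host == suffix or host.endswith("." + suffix)

def scan(log_text):
    """Return {client_ip: [(timestamp, host), ...]} for requests to the watched domain."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        ts, client, _method, url = fields
        try:
            # .hostname drops userinfo and port and lowercases the host
            host = urlsplit(url).hostname or ""
        except ValueError:
            continue  # unparseable URL
        if is_watched(host):
            hits[client].append((ts, host.rstrip(".")))
    return dict(hits)

if __name__ == "__main__":
    for client, events in scan(SAMPLE_LOG).items():
        for ts, host in events:
            print(f"{ts} {client} -> {host}")
```

Because LiveChat is a legitimate service, hits from this kind of scan are leads for review (for example, against the email that delivered the link) rather than confirmed compromises.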












