14 DAY TRIAL // Many companies offer live chat services to provide support to customers. However, users must make sure that they’re on the organization’s legitimate site, or they could end up handing over their details to fraudsters.
A perfect example is provided by Netcraft. Experts have come across a bogus eBay support site that used a third-party live chat service from Volusion in an attempt to trick users into handing over their credentials and other sensitive information.
“The agent providing ’support’ claimed that the chat was accessed by clicking a live chat button in eBay's order confirmation email. When Netcraft attempted to question the legitimacy of the live chat, the agent immediately disconnected,” Netcraft’s Nick Hatter wrote in a blog post.
Initially, the live chat window contained the eBay logo to make everything more legitimate-looking, but later the logo had disappeared. The crooks can simply change the logo and target the customers of other companies.
Experts advise users to be extra cautious when accessing live chat services. In this particular case, since Volusion live chat services have valid SSL certificates, internauts could easily mistake a scam for the real deal.
Here are some important things to remember when using live chat: - Only access the live chat directly from the company’s legitimate website, not via links received in emails; - If the person you’re talking to asks for your password, PIN or other financial information, you might be dealing with a scammer;
Phishing attacks that rely on social engineering can be highly effective, despite the fact that they’re not as automatized as attacks that rely on malware or phishing websites that replicate a company’s login page.
If you want to stop worrying about phishing sites, you can install a specialized app such as Netcraft’s Anti-Phishing browser extension.