Attackers have found a new way to conduct phishing by abusing LiveChat, using real-time social engineering to steal a range of sensitive data, according to Cofense's Phishing Defense Center (PDC). The campaign impersonates PayPal and Amazon and engages victims through online chat to coax them into sharing credentials, credit card details, MFA codes, and other personally identifiable information.
Cofense specifically identified two attack vectors. The first uses a refund lure: a spoofed PayPal message promising a $200 refund leads victims to a LiveChat page, which directs them to a phishing site to complete the refund and reveal credentials and MFA codes. The second, less clearly branded, involves an order-pending notification that redirects to a chat where a seemingly real agent impersonates Amazon and asks for additional personal details and card information.
This represents the first recorded instance of attackers abusing LiveChat for data theft, underscoring the need for human-led analysis alongside technical controls to spot evolving threats. Published on 16 March 2026.