Phishers Exploit LiveChat SaaS Support Tools to Harvest Credentials, Credit‑Card Data and MFA Codes
What Happened – Threat actors are using the LiveChat SaaS platform to host malicious chat widgets that impersonate well‑known brands (e.g., PayPal, Amazon). Victims receive phishing emails with a “View Transaction” link that redirects to a LiveChat page where a bot or fake agent solicits login credentials, credit‑card numbers, MFA codes and other PII.
Why It Matters for TPRM –
- LiveChat is a third‑party customer‑support service; compromise of its chat interface can expose data of any organization that embeds it.
- Credential and payment‑card theft can lead to downstream fraud, account takeover, and regulatory penalties for the affected vendor.
- The abuse demonstrates how SaaS support tools can be weaponized without a direct breach of the provider itself.
Who Is Affected – Financial services, e‑commerce retailers, SaaS vendors that embed LiveChat, and their customers.
Recommended Actions –
- Review contracts and security questionnaires for any LiveChat (or similar) integrations.
- Verify that the provider enforces strict domain‑allow‑list controls and multi‑factor authentication for admin access.
- Conduct phishing‑resilience training focused on chat‑widget lures and enforce URL‑verification policies.
Technical Notes – Attack vector: phishing emails → malicious LiveChat widget (hosted on lc.chat domain) → credential harvesting via chat bot or fake agent. No CVE disclosed; data types targeted include usernames, passwords, credit‑card numbers, MFA tokens and PII. Source: Cofense Intelligence
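As an added illustration of the attack chain above (not code from Cofense or LiveChat), the following Python triage helper flags emailed links that land on the lc.chat hosted-chat domain while the message claims to be from an unrelated brand or carries a "View Transaction"-style lure; the brand list, lure phrases and sample messages are assumptions constructed for the example.

```python
from urllib.parse import urlparse

# Hosted LiveChat pages live under lc.chat, the domain named in the report.
LIVECHAT_HOSTS = ("lc.chat",)
# Brands the report says were impersonated; extend with your own vendors (assumption).
BRAND_DOMAINS = {"paypal": "paypal.com", "amazon": "amazon.com"}
# Lure phrases, starting from the "View Transaction" wording in the report.
LURE_WORDS = ("view transaction", "verify", "payment", "account")

def is_livechat_host(url):
    """True when the link lands on lc.chat or a subdomain (look-alike hosts do not match)."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in LIVECHAT_HOSTS)

def impersonated_brand(text):
    """Return the first known brand name mentioned in the text, else None."""
    low = text.lower()
    return next((b for b in BRAND_DOMAINS if b in low), None)

def assess_link(sender, subject, link_text, url):
    """Return a finding for one emailed hyperlink, or None if it looks benign."""
    if not is_livechat_host(url):
        return None
    brand = impersonated_brand(f"{subject} {link_text} {sender}")
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    reasons = []
    if brand and not sender_domain.endswith(BRAND_DOMAINS[brand]):
        reasons.append(f"claims {brand} but sent from {sender_domain}")
    if any(w in f"{subject} {link_text}".lower() for w in LURE_WORDS):
        reasons.append("transaction/verification lure text")
    if not reasons:
        return None
    return {"url": url, "brand": brand, "reasons": reasons}

def scan(messages):
    """Run assess_link over mail records with sender/subject/link_text/url keys."""
    return [f for f in (assess_link(**m) for m in messages) if f]

SAMPLE_MAIL = [  # constructed examples, not real messages
    {"sender": "service@paypa1-alerts.example", "subject": "Your PayPal transaction",
     "link_text": "View Transaction", "url": "https://direct.lc.chat/12345678/"},
    {"sender": "noreply@amazon.com", "subject": "Your order has shipped",
     "link_text": "Track package", "url": "https://www.amazon.com/orders"},
    {"sender": "support@corp.example", "subject": "Chat with our support team",
     "link_text": "Open chat", "url": "https://lc.chat/abcd"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_MAIL):
        print(finding)
```

Only the first sample is flagged: the third shows that a plain lc.chat support link without a brand claim or lure text is left alone, so the rule targets the lure pattern rather than every LiveChat integration.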