LiveChat Abuse: How Phishers Are Exploiting SaaS Support Tools to Steal Sensitive Data

Cofense PDC observed a live phishing campaign that abuses LiveChat (lc.chat / direct.lc.chat) to impersonate PayPal and Amazon customer service; attackers use real-time chat interactions to harvest credentials, card data, MFA codes, and PII, then redirect victims to external payload URLs. The report includes observed infection and payload URLs, associated IP addresses, examples of the social-engineering lures, and demonstrates how attackers can bypass MFA and drain financial accounts.