Last week, a phishing attack called eBay Live Chat has came into the light. The whole story started when Netcraft who is an Internet services company founded in Bath, England. It has blocked a website who was proposing to offer online support for eBay customers. Netcraft furnishes web server and web hosting market-share analysis. As per report, the fraudulent website was using third party live chat service called Volusion (an eCommerce company) that provides free and premium live chat software service.
By operating such fraudulent live chat, fraudster was asking for login credential and thereby capturing sensitive information of eBay customers. Fraudster was claiming that the live chat support was for order confirmation mail. When Netcraft asked about its genuineness, the attacker immediately disconnected the webpage. Fraudster was using livechat26.volusion.com while the legitimate eBay live chat support has URL starting with cschat.ebay.com that is secure with SSL security and is linked with eBay website.
After disconnecting, the logo of eBay and its branding had disappeared. Many well-know companies have started live chat option for customer queries and its instant solutions. Such companies like sky (British broadcaster), ISP, Oracle, Rack space, etc. All these companies apply a valid SSL certificate and use their valid sub domain without instead of third party domain name. Generally, the phishers always use open source chat software to stupefy people, steal their confidential details, and misuse details in future. Many phishers with limited knowledge take shelter of social engineering to carry out their operation easily and secretly. In February 2013, there was a phishing attack in Amazon regarding fake order process asking fraudulently order numbers for future attacks.
Netcraft advised people not to reveal sensitive information to unknown website like password, login details, PIN, etc. A legitimate company does not need your confidential information. Only access live chat option from a company’s website and do not access third party domain or website or email for further communication.
People while accessing eCommerce website there are some points should be considered like:
- Users are accessing company’s domain.
- Company webpage has SSL certificate and it is not expired.
- Always check the domain name in address bar of company’s website for further processing.
- Never reveal your personal information to anyone.
- If possible, then user can call the company’s customer care no. for the verification of details.
It is realized that phishers with malicious intention try to capture details of innocent online shoppers and users and they targeted many giant companies, online websites, and social media sites where they can find a huge traffic.