Netcraft researchers recently came across a fraudulent Web site that claimed to offer online support for eBay customers, using Volusion's live chat offering to mimic eBay's chat service (h/t Help Net Security).
"By running a live chat service and asking the right questions, a fraudster could coax an unsuspecting victim into revealing sensitive information in addition to their eBay login credentials," notes Netcraft's Nick Hatter.
While eBay's own live chat service is only accessible through a secure page on an eBay.com subdomain, links to the fraudulent chat service were apparently provided in fake eBay order confirmation e-mails.
Because several major companies outsource their live chat support, Hatter notes, it could be relatively simple to trick victims into thinking they're chatting with a legitimate service. And because many chat providers like Volusion offer free and/or trial deployments, it would also be easy to set up such a scam.
"Netcraft advises people to never reveal sensitive information such as passwords or PINs in live chats, even if asked," Hatter writes. "A legitimate company will not require this information. If in doubt, challenge them to verify who they say they are. Only access live chats from companies' own sites: do not access them from third-party websites or emails."
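The point above, that eBay's real chat sits on a secure page under eBay.com while the fake one was reached through e-mailed links, can be checked mechanically by a mail filter. The following is an added example, not code from Netcraft or eBay; the function names, the sample e-mail and every URL in it (including the `chat.ebay.com` host) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "ebay.com"  # assumption: the brand domain the mail claims to be from


def is_trusted_chat_url(url, domain=TRUSTED_DOMAIN):
    """True only for https URLs whose host is `domain` or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and port, and lowercases the host.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return False
    if parts.scheme != "https":  # the legitimate chat is served from a secure page
        return False
    # Match on a label boundary, so "ebay.com.<other>" and "x-ebay.<tld>" fail.
    return host == domain or host.endswith("." + domain)


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.links.append(href)


def untrusted_links(html_body, domain=TRUSTED_DOMAIN):
    """Return the links in the mail that do not lead to the brand's own https site."""
    collector = _LinkCollector()
    collector.feed(html_body)
    return [u for u in collector.links if not is_trusted_chat_url(u, domain)]


# Constructed sample of an "order confirmation" body; all hosts are made up.
SAMPLE_EMAIL = """
<p>Your order is confirmed. Questions?</p>
<a href="https://chat.ebay.com/help">Help centre</a>
<a href="https://ebay.com.support-chat.example/livechat">Live chat</a>
<a href="https://ebay.com@chat.example.net/start">Chat with an agent</a>
<a href="http://chat.ebay.com/help">Contact us</a>
"""

if __name__ == "__main__":
    for link in untrusted_links(SAMPLE_EMAIL):
        print("not an https eBay.com page:", link)
```

A substring test for "ebay.com" would accept the second and third sample links; comparing the parsed hostname on a label boundary is what rejects them.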