Early last week, Netcraft blocked a website purporting to offer online support for eBay customers. The website made use of a third-party live chat service provided by Volusion, an e-commerce outfit which also provides both free and premium hosted live chat services. By running a live chat service and asking the right questions, a fraudster could coax an unsuspecting victim into revealing sensitive information in addition to their eBay login credentials.

The agent providing “support” claimed that the chat was accessed by clicking a live chat button in eBay’s order confirmation email. When Netcraft attempted to question the legitimacy of the live chat, the agent immediately disconnected. eBay’s official live chat service is available to eBay members through a secure page on an ebay.com subdomain and is linked to from the eBay website.

The article continues with screencaptures and more. Pay careful attention to the details such as the fact that the fake site was ssl and had a valid certificate. Amazon also gets a mention, as scammers apparently have also used the same technique with their name.

With regards to ebay, this is hardly the first time for such activity to be uncovered.

This is also reminiscent of another monumental hackjob, on paypal, which was reported by Netcraft. The one where Paypal covered it up for two whole years.

Curious reports regarding scams using the Paypal customer service angle have also been surfacing lately, only to be quickly deleted by ebaY and their user forum moderation service.

