
Digital safety starts here for both commercial and personal use...

Defend Your Business Against the Latest WNY Cyber Threats

We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do not charge or collect any fees.

New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs

Summary:
Netskope Threat Labs has uncovered details of a widespread phishing campaign aimed at stealing credit card information for financial fraud. The campaign has been ongoing since mid-2024 and exploits search engines to direct victims to PDF documents containing CAPTCHA images that are embedded with phishing links. These malicious PDFs, hosted on Webflow’s CDN service, appear in search results when victims search for specific keywords, such as book titles, documents, and charts, which are strategically included in the PDF files.

When victims interact with the CAPTCHA image in the PDF documents, they are redirected to a site that mimics a legitimate CAPTCHA challenge. Clicking the CAPTCHA button leads them to an actual Cloudflare Turnstile CAPTCHA, creating the illusion of a genuine security check. After solving the CAPTCHA, victims are directed to a forum offering a file named after the search keyword they used. To download the file, they are prompted to sign up by providing their email and personal details, including their first and last name, as well as their credit card information. Upon entering their credit card details, an error message appears stating that the card was not accepted. If the victim attempts to submit their credit card information two or three more times, they are redirected to an HTTP 500 error page.

Security Officer Comments:
While CAPTCHAs are typically used to verify the authenticity of online users, cybercriminals have repurposed them to infect victims with malicious payloads and steal data of interest. Recently, campaigns have been observed distributing Lumma stealer through fake CAPTCHA pages that trick victims into running malicious scripts via PowerShell or CMD to "verify" they are human. Although the latest campaign uncovered by Netskope takes a different approach in embedding phishing links within CAPTCHA images, it underscores a broader trend of cybercriminals exploiting the generalized perception of CAPTCHA's intended purpose for financial gain.

Suggested Corrections:
Users should exercise caution when clicking on links or downloading files from untrusted sources that appear in search results. Before entering personal information online, it's important to carefully verify the authenticity of the website's domain. Requests for credit card details in exchange for file access should raise immediate red flags. Additionally, understanding the purpose and function of CAPTCHAs is crucial in avoiding falling victim to campaigns that misuse the tool for malicious purposes.
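For defenders triaging PDFs of the kind the summary describes (an image that is really a clickable link), the following added example lists link annotations and flags any that cover a large share of the page in a document that also embeds an image. It is not code from Netskope or this site; the 10% coverage threshold, the sample PDF and the `.example` hosts are constructed assumptions, and it reads only uncompressed PDF objects, so files that use object streams must be decompressed first.

```python
import re

OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.S)
RECT_RE = re.compile(rb"/Rect\s*\[([^\]]+)\]")
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
MEDIABOX_RE = re.compile(rb"/MediaBox\s*\[([^\]]+)\]")
MIN_COVERAGE = 0.10  # assumed heuristic: link covers at least 10% of the page

# Constructed sample: one page, one image, one large link and one small footer link.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Page /MediaBox [0 0 612 792] /Annots [3 0 R 4 0 R] >> endobj
2 0 obj << /Type /XObject /Subtype /Image /Width 600 /Height 300 >> endobj
3 0 obj << /Type /Annot /Subtype /Link /Rect [56 400 556 650]
   /A << /S /URI /URI (https://captcha-check.example/verify) >> >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [56 40 200 52]
   /A << /S /URI /URI (https://publisher.example/terms) >> >> endobj
%%EOF
"""

def _area(box):
    """Area of a PDF rectangle given as b'x0 y0 x1 y1'."""
    x0, y0, x1, y1 = (float(v) for v in box.decode("ascii").split())
    return abs(x1 - x0) * abs(y1 - y0)

def triage_pdf(data):
    """Return every URI link annotation with its page coverage and a verdict."""
    page = MEDIABOX_RE.search(data)
    page_area = _area(page.group(1)) if page else 612.0 * 792.0  # US Letter fallback
    has_image = re.search(rb"/Subtype\s*/Image\b", data) is not None
    findings = []
    for body in OBJ_RE.findall(data):
        if not re.search(rb"/Subtype\s*/Link\b", body):
            continue  # not a link annotation
        rect, uri = RECT_RE.search(body), URI_RE.search(body)
        if not (rect and uri):
            continue  # internal link or malformed annotation
        coverage = _area(rect.group(1)) / page_area
        findings.append({
            "uri": uri.group(1).decode("latin-1"),
            "coverage": round(coverage, 3),
            "suspicious": has_image and coverage >= MIN_COVERAGE,
        })
    return findings

if __name__ == "__main__":
    for finding in triage_pdf(SAMPLE_PDF):
        print(finding)
```

A flagged link is a prompt to review the destination domain, not proof of phishing; legitimate documents also use large clickable banners.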

Link(s):
https://www.netskope.com/blog/new-phishing-campaign-abuses-webflow-seo-and-fake-captchas