Microsoft Phishing Page Bypasses Automated Detection Using Captcha

By   ISBuzz Team
Writer , Information Security Buzz | Sep 10, 2019 05:32 am PST

According to this link, https://www.bleepingcomputer.com/news/security/microsoft-phishing-page-uses-captcha-to-bypass-automated-detection/, a new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs).

  • The attackers were after credentials for Microsoft accounts and created a page that mimics the original for selecting an account and logging in
  • This is served after completing the human verification step. Needless to say that anything typed in the text fields is automatically sent to the attacker
  • According to the researchers, the email delivering the phishing link is from a compromised account from ‘avis.ne.jp‘ and pretends to be a notification for voicemail message
Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Javvad Malik
Javvad Malik , Security Awareness Advocate
September 10, 2019 1:38 pm

This attack shows that when it comes to phishing attacks, technical controls alone are usually not enough and criminals will find a way to bypass them. Therefore, no matter what controls are in place, it\’s important to provide security awareness and training to users so that they can spot and report any suspicious emails.

Last edited 4 years ago by Javvad Malik

Recent Posts

1
0
Would love your thoughts, please comment.x
()
x