Microsoft Phishing Page Bypasses Automated Detection Using Captcha

According to this link, https://www.bleepingcomputer.com/news/security/microsoft-phishing-page-uses-captcha-to-bypass-automated-detection/, a new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs).

The attackers were after credentials for Microsoft accounts and created a page that mimics the original for selecting an account and logging in
This is served after completing the human verification step. Needless to say that anything typed in the text fields is automatically sent to the attacker
According to the researchers, the email delivering the phishing link is from a compromised account from ‘avis.ne.jp‘ and pretends to be a notification for voicemail message

About the Author

ISBuzz Team

The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Phishers Nabbed in International Sting

Brand Impersonations Surge 2000% During Black Friday

Rising Abuse of URL Rewriting in Phishing Attacks: A Growing Threat

Working With Us

Write For Us

The Pages