silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
Read more below:A new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs).
Businesses use SEGs to protect against a wide variety of email-based attacks. They scan all messages, in or out, for malicious content and protect at least against malware and phishing threats.
Ironically, the phishing campaign discovered by Cofense used this type of challenge to block automated URL analysis from processing the dangerous page.
"The SEG cannot proceed to and scan the malicious page, only the Captcha code site. This webpage doesn’t contain any malicious items, thus leading the SEG to mark it as safe and allow the user through." - Cofense
Microsoft Phishing Page Uses Captcha to Bypass Automated Detection
A new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs).
www.bleepingcomputer.com
Phish Campaign Uses Captcha Bypass & Email Gateway | Cofense
A new phishing campaign is bypassing email gateways with the use of captchas. Learn how to stay safe on the Cofense blog.
cofense.com