Microsoft Phishing Page Uses Captcha to Bypass Automated Detection

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
A new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs).
Businesses use SEGs to protect against a wide variety of email-based attacks. They scan all messages, in or out, for malicious content and protect at least against malware and phishing threats.

Ironically, the phishing campaign discovered by Cofense used this type of challenge to block automated URL analysis from processing the dangerous page.
"The SEG cannot proceed to and scan the malicious page, only the Captcha code site. This webpage doesn’t contain any malicious items, thus leading the SEG to mark it as safe and allow the user through." - Cofense
Read more below:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top