Microsoft Phishing Page Uses Captcha to Bypass Automated Detection

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/microsoft-phishing-page-uses-captcha-to-bypass-automated-detection/

A new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs).
Businesses use SEGs to protect against a wide variety of email-based attacks. They scan all messages, in or out, for malicious content and protect at least against malware and phishing threats.

Ironically, the phishing campaign discovered by Cofense used this type of challenge to block automated URL analysis from processing the dangerous page.
"The SEG cannot proceed to and scan the malicious page, only the Captcha code site. This webpage doesn’t contain any malicious items, thus leading the SEG to mark it as safe and allow the user through." - Cofense

Read more below:

Microsoft Phishing Page Uses Captcha to Bypass Automated Detection

A new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs).

www.bleepingcomputer.com

Phish Campaign Uses Captcha Bypass & Email Gateway | Cofense

A new phishing campaign is bypassing email gateways with the use of captchas. Learn how to stay safe on the Cofense blog.

cofense.com