Date: 2025-02-14
Hackers use CAPTCHA scam in PDF files on Webflow CDN to get past security systems
Campaign looks to steal credit card data
- Netskope's researchers uncover new phishing campaign
- Team says the campaign started in mid-2024 and has affected "thousands"
- Victims are promised important PDF documents in exchange for credit card data
A new phishing campaign has been discovered trying to trick gullible people into handing their sensitive personal and payment information to cybercriminals.
Cybersecurity researchers from Netskope Threat Labs detailed their findings, noting that the campaign mainly targets people looking for PDF files online - whether books, documents, charts, or similar files. The criminals would host a fake PDF file on the Webflow content delivery network (CDN), which the victims could then find through search engines.
The PDF file would then serve them an image that mimics a CAPTCHA, but is instead just a link to a phishing page. That page, in turn, hosts a real Cloudflare Turnstile CAPTCHA. Having a CAPTCHA on a phishing page serves two purposes: the first one is to lend legitimacy to the fraud, and the second one is to better bypass different web security protections.
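The lure described above, a PDF whose image is really a clickable link to an external page, can be triaged on the defender's side. The following is an added example, not code from Netskope or from this article: it uses regular expressions, so it assumes the annotation dictionaries are not stored in compressed object streams, and the sample PDF, the `phish.example` host, the `triage_pdf` name and the 5% coverage threshold are all constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed one-page sample: an image plus a link annotation laid over it.
SAMPLE = b"""%PDF-1.4
1 0 obj << /Type /Page /MediaBox [0 0 612 792] /Annots [3 0 R] >> endobj
2 0 obj << /Type /XObject /Subtype /Image /Width 600 /Height 200 /Length 0 >> stream
endstream endobj
3 0 obj << /Type /Annot /Subtype /Link /Rect [56 400 556 560]
  /A << /S /URI /URI (https://phish.example/verify) >> >> endobj
"""

BOX = rb"\s*\[\s*([-\d.]+)\s+([-\d.]+)\s+([-\d.]+)\s+([-\d.]+)\s*\]"
OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj\b(.*?)\bendobj", re.S)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
RECT_RE = re.compile(rb"/Rect" + BOX)
MEDIABOX_RE = re.compile(rb"/MediaBox" + BOX)

def _area(match):
    x0, y0, x1, y1 = (float(v) for v in match.groups())
    return abs(x1 - x0) * abs(y1 - y0)

def triage_pdf(data, min_cover=0.05):
    """List link annotations that open an external http(s) URL.

    A link is marked suspicious when the file also embeds an image and the
    clickable rectangle covers at least min_cover of the page (assumed threshold).
    """
    page = MEDIABOX_RE.search(data)
    page_area = _area(page) if page else 612.0 * 792.0  # fall back to US Letter
    has_image = re.search(rb"/Subtype\s*/Image\b", data) is not None
    findings = []
    for obj in OBJ_RE.findall(data):
        if not re.search(rb"/Subtype\s*/Link\b", obj):
            continue
        uri, rect = URI_RE.search(obj), RECT_RE.search(obj)
        if not uri or not rect:
            continue
        # Undo PDF string escapes such as \( and \) before parsing the URL.
        url = re.sub(rb"\\(.)", rb"\1", uri.group(1)).decode("latin-1")
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https"):
            continue
        cover = round(_area(rect) / page_area, 3)
        findings.append({"host": parsed.hostname, "url": url, "cover": cover,
                         "suspicious": has_image and cover >= min_cover})
    return findings
```

A hit is only a triage signal: legitimate PDFs also carry image links, so the reported host still has to be checked against reputation data or an allowlist.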
Fake errors
Users who complete the real CAPTCHA are then redirected to a page with a “download” button which, when pressed, displays a popup. That popup asks the victims to provide their personally identifiable information (PII), as well as credit card data, which are then relayed to the attackers.
The victims who enter their credit card details are then served a fake error message, stating that the payment was not accepted. Those who try multiple times will eventually be redirected to an HTTP 500 error page.
Netskope says that the campaign has been ongoing since the second half of 2024 and has, since then, affected “hundreds” of Netskope customers and “thousands” of users. The researchers did not say what the criminals are using the stolen cards for, other than it’s for “financial fraud”. Most of the time, though, crooks would use credit cards to purchase ad space for malvertising campaigns, or to buy online gift cards which are difficult to trace.
