- Netskope researchers discover a new phishing campaign
- The team said the campaign started in mid-2010 and affected “thousands” “”
- Victims are promised major PDF documents in exchange for credit cards
A new phishing campaign has been discovered by trying to encourage gullible people to put their personal and payment information sensitive to cybercriminals.
Cybersecurity researchers from Netskope Threat Labs have detailed their results, noted that the objective of this campaign is mainly people looking for online PDF files – whether books, documents, graphics or similar files. Criminals would host a false .pdf file on the webflow content delivery network (CDN), which the victims could then find via search engines.
The PDF file would then serve them an image that imitates a Captcha, but is rather only a link to a phishing page. This page, in turn, hosts a real Cloudflare Turnique Captcha. Having a captha on a phishing page serves two objectives: the first is to lend legitimacy to fraud, and the second is to better bypass different web security protections.
False errors
Users who complete the real Captcha are then redirected to a page with a “Download” button which, after pressing, displays a context window. This Popup asks the victims to provide their personally identifiable information (PII), as well as credit card data which is then relayed to the attackers.
Victims who enter the details of their credit card then receive a false error message, declaring that payment has not been accepted. Those who try several times will eventually be redirected to an Error page HTTP 500.
Netskope says that the campaign has been underway since the second half of 2024 and has since affected “hundreds” of Netskope customers and “thousands” of users. The researchers have not said what the criminals for stolen cards are for, apart from “financial fraud”. Most of the time, however, crooks would use credit cards to buy advertising space for malvertling campaigns or to buy online gift cards that are difficult to trace.
