Hackers are using fake CAPTCHA challenges in a new phishing scam to steal credit card details and other sensitive information, according to a recent report. The campaign, active since mid-2024, involves malicious PDF files hosted on a content delivery network (CDN).
Attackers target users searching for documents on search engines like Google. Clicking on infected PDF files displays a fake CAPTCHA image that leads victims to a phishing site. To make it appear legitimate, the page features a real CAPTCHA check before redirecting users to a fake download button.
How the Scam Works
Victims trying to download the document see a pop-up requesting credit card details. When they enter their information, they receive an error message, prompting them to try again. If they resubmit their details multiple times, they are redirected to an HTTP 500 error page.
By using this method, hackers trick users into thinking their payment failed, allowing them to collect multiple sets of stolen data. Additionally, the use of real CAPTCHA services helps evade security scanners that typically detect phishing pages.
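The lure described above is delivered as a PDF whose CAPTCHA image carries a link annotation to the phishing site. The following triage script is an added example written for this article, not code from the report or from the campaign: it pulls every /URI target and active action type out of the raw objects of a PDF and flags links whose host is outside an allowlist. The PDF bytes and hostnames are constructed for the demonstration, and the scan only sees uncompressed objects, so a file that packs its annotations into Flate-compressed object streams must be decompressed first.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a minimal PDF whose page carries two link annotations,
# one to an unknown host (the fake-CAPTCHA lure) and one to an allowed host.
# Hand-built stand-in, not a real file from the campaign.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R 5 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [100 500 500 700]
   /A << /S /URI /URI (https://captcha-check.example.invalid/verify?doc=1) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [100 100 500 200]
   /A << /S /URI /URI <68747470733a2f2f646f63732e6578616d706c652e636f6d2f> >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# /URI followed by either a literal string (...) or a hex string <...>.
_URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)")
# Action types that execute or exfiltrate rather than merely navigate.
_ACTION_RE = re.compile(rb"/S\s*/(Launch|JavaScript|SubmitForm|GoToR)\b")

def _decode_pdf_string(literal, hexstr):
    """Decode a PDF literal or hex string to text (only uncompressed objects)."""
    if hexstr is not None:
        digits = hexstr.decode("ascii")
        if len(re.sub(r"\s", "", digits)) % 2:   # PDF pads an odd trailing digit with 0
            digits += "0"
        return bytes.fromhex(digits).decode("latin-1")
    return re.sub(rb"\\(.)", rb"\1", literal).decode("latin-1")  # drop backslash escapes

def extract_uris(pdf_bytes):
    """Return every /URI target found in the raw PDF objects, in file order."""
    return [_decode_pdf_string(m.group(1), m.group(2)) for m in _URI_RE.finditer(pdf_bytes)]

def suspicious_uris(pdf_bytes, allowed_hosts):
    """Flag links to hosts outside allowed_hosts (or their subdomains) and active actions."""
    findings = []
    for uri in extract_uris(pdf_bytes):
        host = urlparse(uri).hostname or ""
        if host not in allowed_hosts and not any(host.endswith("." + a) for a in allowed_hosts):
            findings.append(("external-link", uri))
    for m in _ACTION_RE.finditer(pdf_bytes):
        findings.append(("active-action", m.group(1).decode("ascii")))
    return findings

if __name__ == "__main__":
    for kind, value in suspicious_uris(SAMPLE_PDF, {"example.com"}):
        print(f"{kind}: {value}")
```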
New Phishing Kit Makes Hackers' Attacks Easier
At the same time, researchers have uncovered a phishing kit called Astaroth, which is sold on cybercrime forums for $2,000. This tool enables attackers to bypass two-factor authentication (2FA) using a reverse proxy technique.
Astaroth works as a man-in-the-middle attack, intercepting login credentials, session cookies, and tokens in real time. It mimics popular services like Gmail, Yahoo, and Microsoft, making it easier for criminals to steal user accounts.
How to Protect Yourself from Phishing Scams
Users should avoid clicking on unknown PDFs and verify links before entering sensitive data. Enabling multi-factor authentication (MFA) adds an extra layer of security, but because reverse-proxy kits such as Astaroth relay the one-time code and capture the resulting session cookie, phishing-resistant MFA (such as FIDO2/WebAuthn security keys, which are bound to the legitimate site's origin) offers stronger protection than codes delivered by SMS or an authenticator app. Additionally, browser security tools and email filters can help detect and block phishing attempts. Companies should also train employees on how to recognize phishing scams and report suspicious activity immediately.