Bitcoin Forum
Author Topic: {Warning}:New Phishing Campaign Uses Captcha to Bypass Email Gateway  (Read 80 times)
September 11, 2019, 04:05:41 AM
Merited by DdmrDdmr (1)

New Phishing Campaign Uses Captcha to Bypass Email Gateway

Phishing threat actors are using Captcha methods to bypass automated URL analysis. By using Captcha techniques to prove human presence, the phish prevents the secure email gateway (SEG), in this case Mimecast’s gateway, from scanning the URL thereby enabling the threat to get through. Here’s how it works.

Ok so it looks like cyber criminals have found a loophole again by hiding their bad intentions through Captcha.

To summarise:

[1] Unsuspecting victims receive a phishing email saying that you have a new voicemail, with a message preview to attract the attention of the recipient.

"Hey you have missed my call earlier.." and then it cuts off. Now, human psychology tells you to go and click because you are interested in what this voicemail is.

[2] Once you click that embedded voicemail hyperlink, it will redirect you to a Captcha code site. Of course, the SEG (secure email gateway) can't scan it for malicious content. And you can't tell it's a phishing attempt on you at this point.

[3] Once you complete the Captcha code, you will be redirected to the "real" phishing site. It can mimic anything; in this case, a Microsoft account selector and login page. And once you input your credentials, done: cyber criminals have all your info and your account.

You can read everything here:

September 11, 2019, 05:08:30 AM

Scammers always find new loopholes. The only possible way to protect ourselves from things like this is security awareness. If nobody ever sent you a voicemail before, or if you never turned on e-mail alerts for something like this, then it's likely a scam.

Be careful wherever you are. Don't just click and ditch.
September 11, 2019, 08:28:49 AM
Last edit: September 12, 2019, 05:26:12 AM by wwzsocki
Merited by tranthidung (1)

...[1] Unsuspecting victims received a phished email...
[2] Once you click that embedded voicemail hyperlink...

Rule number one to be safe online: NEVER CLICK ON LINKS IN EMAILS, especially if you don't know the sender (whitelisting).

It is relatively easy to be safe online. We just need to develop the right skills and behave carefully online. Do not trust anyone or download anything from unknown sources, and always check the electronic signature with PGP when, for example, we update the Bitcoin wallet to the latest version from the source page.

One more time, remember to: NEVER USE ANY LINKS PROVIDED IN EMAILS.

If there is no other way and you have to use a link provided by an unknown third party, you should always properly check it for viruses (VirusTotal, etc.) and open it in a safe environment, like a sandbox or virtual machine. This is the only way to avoid infection.
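
A gateway-side check for the gap described in the first post, added here as an example that is not part of the thread or of any vendor's product: a URL scanner that lands on a CAPTCHA page reports "gated" instead of passing the link as clean. The CAPTCHA markers (reCAPTCHA and hCaptcha class names and script paths), the verdict names and the sample pages are assumptions; the posts do not say which CAPTCHA the campaign used.

```python
from html.parser import HTMLParser

# Assumed markers: widget class names and script paths used by reCAPTCHA and
# hCaptcha embeds. The thread does not say which CAPTCHA the campaign used.
CAPTCHA_CLASSES = {"g-recaptcha", "h-captcha"}
CAPTCHA_SCRIPT_HINTS = ("google.com/recaptcha/", "hcaptcha.com/1/api.js")


class PageFeatures(HTMLParser):
    """Collects the features a URL scanner needs to spot a CAPTCHA gate."""

    def __init__(self):
        super().__init__()
        self.captcha = False
        self.password_field = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if CAPTCHA_CLASSES & set(a.get("class", "").split()):
            self.captcha = True
        if tag == "script" and any(h in a.get("src", "") for h in CAPTCHA_SCRIPT_HINTS):
            self.captcha = True
        if tag == "input" and a.get("type", "").lower() == "password":
            self.password_field = True


def scan_verdict(html: str) -> str:
    """Verdict for a page fetched from a link in an e-mail.

    'gated' means the scanner only saw a CAPTCHA and never reached the real
    destination, so the link must not be treated as clean.
    """
    f = PageFeatures()
    f.feed(html)
    if f.password_field:
        return "credential_form"  # hand over to phishing analysis
    if f.captcha:
        return "gated"            # hold or rewrite the link instead of delivering it
    return "no_finding"


# Constructed sample pages (not captured from the campaign).
GATE = ('<html><body><div class="g-recaptcha" data-sitekey="EXAMPLE"></div>'
        '<script src="https://www.google.com/recaptcha/api.js"></script></body></html>')
LOGIN = '<form><input type="email"><input type="password"></form>'
PLAIN = '<html><body><p>Quarterly newsletter</p></body></html>'

if __name__ == "__main__":
    for name, page in (("gate", GATE), ("login", LOGIN), ("plain", PLAIN)):
        print(name, scan_verdict(page))
```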
