- Netskope researchers reveal a new phishing campaign
- Team says the campaign started in mid-2024 and has affected “thousands”
- Victims are lured with important PDF documents in exchange for credit card data
A new phishing campaign has been discovered that tries to fool gullible people into handing over their sensitive personal and payment information to cybercriminals.
Cybersecurity researchers from Netskope Threat Labs, detailing their findings, noted that the campaign mainly targets people looking for PDF files online, whether books, documents, diagrams or similar files. The criminals host a fake .pdf file on the Webflow content delivery network (CDN), which victims can then find through search engines.
The PDF file then shows them an image that mimics a CAPTCHA, but is in fact just a link to a phishing page. This page, in turn, hosts a real Cloudflare Turnstile CAPTCHA. Having a CAPTCHA on a phishing site serves two purposes: the first is to lend legitimacy to the fraud and the second is to better bypass various web security protections.
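A defender-side triage check for the lure described above, as an added example that is not from Netskope's report: it lists external link annotations in a PDF that cover a sizeable part of the page and flags documents that also embed an image. The sample bytes, URLs, function names and the 5% threshold are constructed assumptions, and the regex scan only sees uncompressed PDF objects.

```python
import re

NUM4 = rb"\s*\[\s*([-\d.]+)\s+([-\d.]+)\s+([-\d.]+)\s+([-\d.]+)\s*\]"
RECT_RE = re.compile(rb"/Rect" + NUM4)        # clickable region of an annotation
BOX_RE = re.compile(rb"/MediaBox" + NUM4)     # page size
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")   # /URI (https://...)
OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.S)

# Constructed sample: one large link over an image, one small footer link.
SAMPLE = b"""%PDF-1.4
1 0 obj << /Type /Page /MediaBox [0 0 612 792] /Annots [2 0 R 4 0 R]
  /Resources << /XObject << /Im0 3 0 R >> >> >> endobj
2 0 obj << /Type /Annot /Subtype /Link /Rect [156 296 456 496]
  /A << /S /URI /URI (https://phish.example.invalid/verify) >> >> endobj
3 0 obj << /Type /XObject /Subtype /Image /Width 300 /Height 200 /Length 0 >>
stream
endstream endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [72 40 172 52]
  /A << /S /URI /URI (https://footer.example.invalid/) >> >> endobj
"""

def area(match):
    x0, y0, x1, y1 = (float(v) for v in match.groups())
    return abs(x1 - x0) * abs(y1 - y0)

def link_findings(pdf_bytes, min_cover=0.05):
    """Return [(uri, page_fraction)] for link annotations covering >= min_cover."""
    box = BOX_RE.search(pdf_bytes)
    page_area = area(box) if box else 612.0 * 792.0   # assume US Letter if absent
    findings = []
    for obj in OBJ_RE.finditer(pdf_bytes):
        body = obj.group(1)
        if not re.search(rb"/Subtype\s*/Link", body):
            continue                                  # not a link annotation
        uri, rect = URI_RE.search(body), RECT_RE.search(body)
        if uri and rect and area(rect) / page_area >= min_cover:
            cover = round(area(rect) / page_area, 3)
            findings.append((uri.group(1).decode("latin-1"), cover))
    return findings

def is_image_link_lure(pdf_bytes):
    """True when the PDF embeds an image and has a large external link region."""
    has_image = re.search(rb"/Subtype\s*/Image", pdf_bytes) is not None
    return has_image and bool(link_findings(pdf_bytes))

if __name__ == "__main__":
    print(link_findings(SAMPLE), is_image_link_lure(SAMPLE))
```

For real-world files, which usually store annotations in compressed object streams, run the same check on the output of a PDF library rather than on raw bytes.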
False errors
Users who complete the real CAPTCHA are then redirected to a page with a “download” button that shows a popup when pressed. This popup asks the victims to provide their personally identifiable information (PII) as well as credit card data, which is then forwarded to the attackers.
Victims who enter their credit card information are then shown a fake error message indicating that the payment was not accepted. Those who try several times are eventually redirected to an HTTP 500 error page.
Netskope says the campaign has been underway since the second half of 2024 and has since affected “hundreds” of Netskope customers and “thousands” of users. The researchers did not say what the criminals use the stolen cards for, other than “financial fraud.” Most of the time, however, crooks use stolen credit cards to buy ad space for malvertising campaigns or to buy online gift cards that are difficult to track.