Phishing Campaign Exploits Webflow to Steal Credit Card Data

Simple attack catches victims via genuine CAPTCHA.

A phishing campaign that uses malicious PDF files hosted on the Webflow content delivery network to trick users into providing credit card information has been detected.

According to The Hacker News, researchers at Netskope Threat Labs found that victims are redirected from search results to a PDF file containing a fake CAPTCHA challenge that links to a phishing page.

To enhance credibility, the attackers use a real Cloudflare Turnstile CAPTCHA before directing victims to a fraudulent download page. Upon clicking the "download" button, users receive a pop-up requesting personal and credit card details. The victim will then encounter an error message, forcing them to enter their card details multiple times before they are ultimately shown an HTTP 500 error page.


Dan Raywood, Senior Editor, SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
