Simple attack catches victims via genuine CAPTCHA.
A phishing campaign that uses malicious PDF files hosted on the Webflow content delivery network to trick users into providing credit card information has been detected.
According to The Hacker News, researchers at Netskope Threat Labs found that victims are redirected to a PDF file containing a fake CAPTCHA challenge linked to a phishing page from search results.
To enhance credibility, the attackers use a real Cloudflare Turnstile CAPTCHA before directing victims to a fraudulent download page. Upon clicking the "download" button, users receive a pop-up requesting personal and credit card details. The victim will then encounter an error message, forcing them to enter their card details multiple times before they are ultimately shown an HTTP 500 error page.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
