Hackers use CAPTCHA scam in PDF files on Webflow CDN to get past security systems

LovabledanielsFebruary 14, 202577 Views

Netskope’s researchers uncover new phishing campaign
Team says the campaign started in mid-2024 and has affected “thousands”
Victims are promised important PDF documents in exchange for credit card data

A new phishing campaign has been discovered trying to trick gullible people into handing their sensitive personal and payment information to cybercriminals.

Cybersecurity researchers from Netskope Threat Labs detailed their findings, noted the target of this campaign is mainly people looking for PDF files online – whether books, documents, charts, or similar files. The criminals would host a fake .PDF file on the Webflow content delivery network (CDN), which the victims could then find through search engines.

The PDF file would then serve them an image that mimics a CAPTCHA, but is instead just a link to a phishing page. That page, in turn, hosts a real Cloudflare Turnstile CAPTCHA. Having a CAPTCHA on a phishing page serves two purposes: the first one is to lend legitimacy to the fraud, and the second one is to better bypass different web security protections.

Fake errors

Users who complete the real CAPTCHA are then redirected to a page with a “download” button which, after pressed, displays a popup. That popup asks the victims to provide their personally identifiable information (PII), as well as credit card data which are then relayed to the attackers.

The victims who enter their credit card details are then served a fake error message, stating that the payment was not accepted. Those that try multiple times, will eventually be redirected to an HTTP 500 error page.

Netskope says that the campaign has been ongoing since the second half of 2024 and has, since then, affected “hundreds” of Netskope customers and “thousands” of users. The researchers did not say what the criminals are using the stolen cards for, other than it’s for “financial fraud”. Most of the time, though, crooks would use credit cards to purchase ad space for malvertising campaigns, or to buy online gift cards which are difficult to trace.

Weekly update

Explosions, violations reported after India and Pakistan agree ceasefire | Conflict News

A huge Sony Xperia 1 VII leak hints at the design, colors, and features of the upcoming flagship

At least 33 people killed in suspected RSF attacks in Sudan | Sudan war News

Weekly Newsletter

Hackers use CAPTCHA scam in PDF files on Webflow CDN to get past security systems

Leave a comment

Leave a Reply Cancel reply

Explore more

A huge Sony Xperia 1 VII leak hints at the design, colors, and features of the upcoming flagship

At least 33 people killed in suspected RSF attacks in Sudan | Sudan war News

India and Pakistan agree ceasefire: What does it mean? | India-Pakistan Tensions News

This tiny $1999 beast can run 70 billion AI parameters, RTX-level gaming, and the full Adobe Suite without a sound

How water vapor is powering the next generation of soft robots

Remote workers increasingly hold two jobs in secret, risking burnout legal action and a collapse in employer trust

If you’re already subscribed to Whoop, you can now get a free upgrade to the latest devices after a user backlash

I’d jump at the chance to swap my 24-inch LCD monitor for this 25-inch color E Ink alternative – if only I could afford it

Get to Know Us

Let's keep in touch