Microsoft's phishing page can't be crawled thanks to Captcha!

Researchers have discovered a new phishing campaign that uses Captcha boxes to bypass "secure email gateways" (SEGs) and serve a fake Microsoft page.

Companies use SEGs to ensure that the email they receive is "clean", that is, that it does not contain any virus. SEGs are responsible for scanning all messages, internal and external, to ensure that they contain no malicious content. An SEG acts as a shield against phishing and other attacks.

Captcha prevents automatic scanning

A Captcha is a type of test used to determine whether the user is a human or a bot. It is designed to detect and prevent suspicious activity.

However, the hackers managed to use the Captcha to hide the fake page they had built, by blocking URL analysis.

"The SEG cannot go ahead and scan the malicious site, but only the Captcha code site. This site does not include malicious content, so SEG considers it safe," the researchers said.

The attackers' goal was to obtain Microsoft account credentials, so they created a fake login page very similar to the company's genuine page.

If a user visits the fake page and enters their credentials or any other information, the hackers gain access to it.

According to the researchers, the email carrying the phishing link comes from a compromised account at 'avis.ne.jp'.

The email contains an option to preview the alleged communication. Clicking this option takes the user to the Captcha page.

Both the phishing page and the Captcha page are hosted on Microsoft infrastructure. For this reason, SEGs cannot detect anything unusual when analyzing the URL: the domains look legitimate.
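One way a URL scanner can avoid the blind spot described above is to stop treating a page that shows only a Captcha as clean. The following is an added example, not code from the researchers or from any SEG product; the function names, verdict labels and the `shared-host.example` suffix are assumptions, and the sample pages are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Widget class names used by reCAPTCHA, hCaptcha and Cloudflare Turnstile.
CAPTCHA_CLASSES = {"g-recaptcha", "h-captcha", "cf-turnstile"}
# Assumption: placeholder suffix for shared hosting where tenants control content.
SHARED_HOST_SUFFIXES = ("shared-host.example",)

# Constructed sample pages, as a scanner might fetch them.
SAMPLE_CAPTCHA_PAGE = '<html><body><div class="g-recaptcha" data-sitekey="x"></div></body></html>'
SAMPLE_LOGIN_PAGE = '<html><body><form><input type="password" name="p"></form></body></html>'
SAMPLE_PLAIN_PAGE = "<html><body><p>Quarterly newsletter</p></body></html>"


class PageFacts(HTMLParser):
    """Records whether the fetched HTML shows a CAPTCHA widget or a password field."""

    def __init__(self):
        super().__init__()
        self.captcha = False
        self.password_field = False

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if CAPTCHA_CLASSES & set((attr.get("class") or "").split()):
            self.captcha = True
        if tag == "input" and (attr.get("type") or "").lower() == "password":
            self.password_field = True


def under(host, domain):
    """True if host equals domain or is a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def scan_verdict(url, html, sender_domain):
    """Verdict for one link in a message, given the HTML the scanner received."""
    host = (urlsplit(url).hostname or "").lower()
    facts = PageFacts()
    facts.feed(html)
    shared = any(under(host, s) for s in SHARED_HOST_SUFFIXES)
    if facts.password_field and (shared or not under(host, sender_domain.lower())):
        return "suspicious"  # credential form on a host unrelated to the sender
    if facts.captcha:
        # Only the challenge was seen; what lies behind it was never analysed.
        related = under(host, sender_domain.lower()) and not shared
        return "gated" if related else "gated-unscanned"
    return "no-findings"
```

A `gated-unscanned` verdict is meant to be routed to quarantine or click-time analysis instead of being delivered as safe.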

Cybercriminals are constantly discovering new ways to deceive their victims and the protection programs they use. As this case shows (as do other attacks), they have begun to use tools that are normally designed to provide safety, but exploit them in a way that helps their scams.

In the past, some hackers had used QR codes to redirect victims to phishing pages. QR codes are also often used to create security programs.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by
Absent Mia

About Absent Mia

Being your self, in a world that constantly tries to change you, is your greatest achievement

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *