The PDF then goes to a site with a CAPTCHA form. ![]() The user receives a standard-looking email, purporting to be a faxed document. In this attack, threat actors are using CAPTCHA forms to fool anti-phishing filters. Techniques: CAPTCHA Forms, Impersonation. ![]() Once the user accesses the content, the hackers ask for credentials to access a PDF. In this attack, hackers are using CAPTCHA forms, sent from legitimate domains, to fool scanners and get into the inbox. In this attack brief, Avanan will analyze how threat actors are using CAPTCHAs to steal credentials. Now, starting in February 2022, Avanan researchers have found new ways that hackers are using CAPTCHA forms, in this case taking advantage of a compromised domain of a university, which lends legitimacy. ![]() That particular attack took advantage of the trust that scanners have in Google’s reCAPTCHA product. In April 2021, Avanan researchers wrote about how hackers are using CAPTCHA forms–those annoying puzzles you have to fill out after entering data to prove you are human–to bypass filters.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |