Palo Alto Networks detailed a new phishing campaign trend in which malicious activity includes an attached CAPTCHA link. These instances were observed to either abuse legitimate challenge-and-response services or deploy fake CAPTCHA-like validation.
The practice is largely designed to make the pages appear more legitimate; after solving, the user is redirected to a classic phishing page. In some cases, however, CAPTCHA keys can be mined automatically, using “ground truth data” and “filtering pipeline.”
“Hiding phishing content behind CAPTCHAs,” Palo Alto noted, “prevents security crawlers from detecting malicious content and adds a legitimate look to phishing login pages.”
The company noted that, in the past month alone, it blocked 7,572 unique URLs across 4,088 pay-level domains, protecting 202,872 visits.
Additional information is available via the Palo Alto Networks website.