
Source: Netskope Threat Labs
A new report from Netskope Threat Labs has revealed a sophisticated phishing campaign that abuses the Webflow content delivery network (CDN) and employs fake CAPTCHA images to trick users into revealing their credit card information. The campaign, which has been active since the latter half of 2024, has already impacted thousands of users across hundreds of Netskope customers.
The attackers are using search engine optimization (SEO) techniques to lure victims searching for documents, book titles, and charts to malicious PDF files hosted on the Webflow CDN. These PDFs contain embedded CAPTCHA images that appear legitimate but actually conceal phishing links.

“These PDFs appear in search engine results when victims search targeted keywords, such as book titles, documents and charts,” the report explains. When a user clicks on the fake CAPTCHA, they are redirected to a Cloudflare Turnstile CAPTCHA, adding a layer of deception and creating the illusion of a genuine security check.
After completing the Cloudflare CAPTCHA, the victim is taken to a fake forum where they are prompted to sign up to download the document they were initially searching for. This sign-up process involves providing an email address, name, and eventually, credit card details.
The attackers then display an error message indicating that the credit card was not accepted. If the victim enters their credit card information multiple times, they are finally redirected to an HTTP 500 error page. By this point, the attackers have already captured the victim’s sensitive information.
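The chain above starts with a PDF whose "CAPTCHA" is a picture that acts as a link. In a PDF this is done with a Link annotation carrying a /URI action placed over an image, and the annotation dictionary may be hidden inside a compressed object stream where a plain grep for the URL will not find it. The following triage script is an added example, not code from Netskope or from the report: it extracts every /URI target from a PDF, including those inside FlateDecode streams, and flags targets that point outside an allowlist of hosts the document is expected to use. The sample PDF, the hypothetical domains and the allowlist are all constructed for this example.

```python
import re
import zlib
from urllib.parse import urlparse

# A /URI action target, either a literal string (...) or a hex string <...>.
# "/S /URI" (the action subtype) is followed by a name, not a string, so it
# does not match; only the "/URI (target)" key does.
URI_RE = re.compile(
    rb"/URI\s*(?:\((?P<lit>(?:\\.|[^\\)])*)\)|<(?P<hex>[0-9A-Fa-f\s]*)>)"
)
# Raw stream bodies: object streams (PDF 1.5+) keep annotation dictionaries
# inside FlateDecode data, so a byte scan of the file alone misses them.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.DOTALL)


def _decode_literal(raw: bytes) -> bytes:
    # Undo the escapes that matter inside a URL: \( \) and \\
    return re.sub(rb"\\([()\\])", rb"\1", raw)


def _scan_chunk(chunk: bytes) -> list[str]:
    uris = []
    for m in URI_RE.finditer(chunk):
        if m.group("lit") is not None:
            raw = _decode_literal(m.group("lit"))
        else:
            raw = bytes.fromhex(re.sub(rb"\s", b"", m.group("hex")).decode())
        uris.append(raw.decode("latin-1"))
    return uris


def extract_uris(pdf: bytes) -> list[str]:
    """Every /URI action target in the file, in plain objects and in Flate streams."""
    found = _scan_chunk(pdf)
    for m in STREAM_RE.finditer(pdf):
        try:
            found.extend(_scan_chunk(zlib.decompress(m.group(1))))
        except zlib.error:
            continue  # image data, fonts, or a stream using another filter
    return found


def triage(pdf: bytes, expected_hosts: set[str]) -> list[dict]:
    """Flag link targets that leave the hosts the document is expected to use."""
    report = []
    for uri in extract_uris(pdf):
        parsed = urlparse(uri)
        host = (parsed.hostname or "").lower()
        report.append({
            "uri": uri,
            "host": host,
            "suspicious": parsed.scheme not in ("http", "https")
            or host not in expected_hosts,
        })
    return report


# Constructed sample (not a file from the report): one page, one image
# XObject, and a Link annotation whose /Rect matches the drawn image, which
# is how a "CAPTCHA picture" in a PDF becomes clickable. The domain is a
# placeholder chosen for this example.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]
   /Resources << /XObject << /Im1 4 0 R >> >> /Contents 5 0 R
   /Annots [6 0 R] >> endobj
4 0 obj << /Type /XObject /Subtype /Image /Width 1 /Height 1
   /ColorSpace /DeviceGray /BitsPerComponent 8 /Length 1 >>
stream
0
endstream
endobj
5 0 obj << /Length 33 >>
stream
q 200 0 0 80 206 356 cm /Im1 Do Q
endstream
endobj
6 0 obj << /Type /Annot /Subtype /Link /Rect [206 356 406 436] /Border [0 0 0]
   /A << /S /URI /URI (https://captcha-check.example/verify?id=1) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""


def build_object_stream_sample(uri: str) -> bytes:
    """Constructed PDF 1.5-style file whose Link annotation sits inside a
    FlateDecode object stream and uses a hex string, so neither `strings`
    nor a grep for the URL text finds it."""
    inner = (b"6 0 << /Type /Annot /Subtype /Link /Rect [0 0 612 792]"
             b" /A << /S /URI /URI <" + uri.encode().hex().encode() + b"> >> >>")
    data = zlib.compress(inner)
    return (b"%PDF-1.5\n7 0 obj << /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode"
            b" /Length " + str(len(data)).encode() + b" >>\nstream\n" + data +
            b"\nendstream\nendobj\ntrailer << /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    # "pdf-host.example" stands in for whatever CDN the document was served from.
    for entry in triage(SAMPLE_PDF, {"pdf-host.example"}):
        print(entry)
    print(extract_uris(build_object_stream_sample("https://forum-signup.example/download")))
```

The scan is a heuristic, not a PDF parser: it does not resolve indirect objects or follow filters other than Flate, and a literal string with unbalanced parentheses would be cut short. For triage of search-engine lures that is usually enough, because the question is only whether a document that is supposed to be a book excerpt or a chart carries a link to a host that has nothing to do with the document.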
By hosting the lure on Webflow's CDN and routing victims through a real Cloudflare Turnstile challenge, the attackers give the chain reputable domains and a genuine security check, which blunts both domain-reputation filtering and user suspicion. Combined with the fake CAPTCHA image in the PDF, this makes the scam considerably harder for users to recognise.
Netskope Threat Labs urges users to exercise caution when clicking on links in documents or emails, even if they appear to come from trusted sources, and to verify the authenticity of a website before entering any personal or financial information. Passing a CAPTCHA says nothing about the legitimacy of the site that follows it; a site that demands card details in exchange for a document found through a web search is the warning sign.