Hackers stole users' Microsoft Office 365 information using fake court-themed emails. To make the lure more believable, they added CAPTCHA verification to the mailer and sent the emails only to specific people in order to get past spam filters.
Hackers who developed a new kind of phishing method stole users' credentials with the help of CAPTCHA, a mechanism used to secure web pages. In the phishing attack, the attackers used 'court order' emails, invoking an official authority to trap their victims.
Although such phishing methods have not been widely used, there are some past examples. In November last year, attackers targeted users' credentials using the name of the UK Ministry of Justice. Similarly, just a few days ago, Armorblox explained how fake emails were sent that purported to come from British courts.
The attackers used CAPTCHA verification to appear more believable:
The attackers are said to have sent emails only to specific individuals, not in bulk, so that the messages would not be caught by normal security filters or by Exchange Online Protection (EOP). EOP is the email security service offered by Microsoft for removing malicious content from email messages and filtering spam.
After choosing their targets and sending the emails, the hackers used CAPTCHA to make the message more believable. According to a blog post published by Armorblox, the inclusion of CAPTCHA also makes things more difficult for security technologies.
Security researchers say that the CAPTCHA validation pages created by the hackers contain grammatical mistakes that a genuine court page would never make, and that the pages do not appear to belong to a legal agency. However, many people do not pay much attention to such small details.
In this phishing method, users who pass the CAPTCHA validation are finally shown a Microsoft Office 365 page asking for credentials. In fact, this is an unofficial page on the attacker's domain, and when careless users enter their credentials, it transmits them to the attackers.