Beware of Bogus PDFs: How Phishers are Hooking Your Credit Card Details!

A phishing campaign is using fake PDFs on Webflow CDN to steal credit card data. Victims, misled by CAPTCHA images, end up on phishing sites posing as legitimate security checks. This scam highlights the need for vigilance when encountering online documents.


Hot Take:

Phishing scams are like the cockroaches of the internet: they’re everywhere, no matter how many times you think you’ve squashed them. Now, they’ve upped their game with bogus PDFs and CAPTCHA trickery, proving that scammers have more layers than an onion—and they’re just as likely to make you cry.

Key Points:

  • Phishing campaign using fake PDFs hosted on Webflow CDN targets search engine users.
  • PDFs contain CAPTCHA images that lead to phishing pages with real CAPTCHA challenges.
  • Victims are tricked into entering personal and financial information.
  • New phishing kit “Astaroth” sold for $2,000, intercepts traffic to steal credentials and bypass 2FA.
  • Phishing-as-a-service is now a thing, proving that cybercrime has a business model scarier than a Halloween costume.

PDFs: Pretty Devious Files

Why read a book when you can have your credit card details stolen instead? This phishing campaign is targeting unsuspecting bibliophiles and document hunters by planting fake PDFs on Webflow CDN. These PDFs, which should be titled “How to Lose Money in 10 Clicks,” lure users with the promise of juicy content. Instead, they serve a CAPTCHA image that whisks users away to a phishing page, leaving them one step closer to financial doom. The audacity of using a CAPTCHA challenge to fool victims is both infuriating and diabolically clever.

The CAPTCHA Conundrum

As if CAPTCHA challenges weren’t annoying enough, now they’re part of the scam! By embedding a real Cloudflare Turnstile CAPTCHA in their phishing pages, scammers add a false sense of security to the ruse. Victims think they’re verifying their human status, but in reality, they’re just verifying their gullibility. Once they solve the CAPTCHA, they encounter a “download” button, supposedly leading to the sought-after document. Spoiler alert: what they actually get is a request for personal and credit card information. It’s like trick-or-treating, but the only candy you get is credit card fraud.

Error: Your Common Sense Was Not Accepted

After victims submit their credit card details, they’re hit with an error message claiming their info wasn’t accepted. The attackers then encourage victims to submit their info multiple times, as if persistence will make the scam any less effective. This little dance ends with the victim being redirected to an HTTP 500 error page, which is basically the internet’s way of saying “Oops, we robbed you.” The attackers are hoping that once victims realize their mistake, they’ll be too busy fixing their credit score to report the crime.
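The lure chain above (a near-empty PDF whose only content is a clickable CAPTCHA image pointing off-site) has a recognisable shape that mail gateways and analysts can triage for. The following is an added example, not code from the original post or from any of the campaigns it describes: a stdlib-only Python script that flags a one-page, text-free PDF containing an image and a link annotation whose target lies outside a hypothetical allowlist. The sample PDF bytes and the `TRUSTED_HOSTS` set are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: one page, no fonts, a single image XObject, and a
# full-page link annotation that sends the reader to an external "verify" URL.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Resources << /XObject << /Im0 5 0 R >> >>
   /Annots [4 0 R] /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 612 792]
   /A << /S /URI /URI (https://captcha-check.example.net/verify) >> >> endobj
5 0 obj << /Type /XObject /Subtype /Image /Width 1 /Height 1 >> endobj
%%EOF
"""

# Hypothetical allowlist: domains a link inside a legitimate internal PDF may target.
TRUSTED_HOSTS = {"example.com"}


def pdf_link_targets(data: bytes) -> list[str]:
    """Return every /URI target found in link-action dictionaries."""
    return [m.decode("latin-1") for m in re.findall(rb"/URI\s*\((.*?)\)", data)]


def page_count(data: bytes) -> int:
    # \b keeps "/Pages" (the page tree root) from being counted as a page.
    return len(re.findall(rb"/Type\s*/Page\b", data))


def has_image(data: bytes) -> bool:
    return re.search(rb"/Subtype\s*/Image\b", data) is not None


def has_text(data: bytes) -> bool:
    # A page that draws text needs a font resource; a pure image lure has none.
    return b"/Font" in data


def score_pdf(data: bytes) -> dict:
    """Heuristic triage: one page, image only, no text, and an off-allowlist link."""
    links = pdf_link_targets(data)
    offsite = [u for u in links if urlparse(u).hostname not in TRUSTED_HOSTS]
    pages = page_count(data)
    suspicious = pages <= 1 and has_image(data) and not has_text(data) and bool(offsite)
    return {"pages": pages, "links": links, "offsite": offsite, "suspicious": suspicious}


if __name__ == "__main__":
    print(score_pdf(SAMPLE_PDF))
```

Real-world PDFs often pack their dictionaries into compressed object streams, so run this over a decompressed copy (for example, the output of `qpdf --qdf --object-streams=disable`) rather than the raw file; treat the result as a triage signal to route the file for sandboxing, not as a verdict.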

Astaroth: The New Face of Phishing

In another corner of the internet, a new phishing kit named Astaroth is the cybercriminal’s latest toy. Sold for a cool $2,000 on Telegram and cybercrime marketplaces, this kit is like the Swiss Army knife of phishing. It’s got everything a bad actor needs to harvest credentials and bypass 2FA, thanks to its use of an Evilginx-style reverse proxy. Essentially, it plays man-in-the-middle with your login credentials, tokens, and session cookies, making your Gmail, Yahoo, and Microsoft accounts as secure as a house of cards in a windstorm.

Phishing-as-a-Service: Get Scammed on a Subscription

If you thought streaming services were the only thing you could subscribe to, think again. Phishing-as-a-service (PhaaS) is now catering to cyber crooks who prefer to lease rather than own. For a small fee of $2,000, wannabe scammers get six months of updates and bypass techniques, making it easier than ever to harvest credentials without leaving the comfort of their basement. It’s like the Netflix of phishing, except instead of binge-watching, you’re binge-stealing.

All in all, this phishing campaign and the rise of Astaroth highlight the ever-evolving tactics of cybercriminals. They’ve proven that they’re not just sticking around—they’re getting better at their craft. It’s a reminder for all of us to stay vigilant, question every CAPTCHA, and maybe start using bookmarks instead of search engines to find our next read. Because in the digital jungle, it’s the cautious mouse that survives the phishing cat.

The Nimble Nerd