Microsoft Phishing Page Bypasses Automated Detection Using Captcha

According to this link,, a new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs).

  • The attackers were after credentials for Microsoft accounts and created a page that mimics the original for selecting an account and logging in
  • This is served after completing the human verification step. Needless to say that anything typed in the text fields is automatically sent to the attacker
  • According to the researchers, the email delivering the phishing link is from a compromised account from ‘‘ and pretends to be a notification for voicemail message