It’s about time this technique comes in.. Content Security’s forecast that phishing with captcha would be an emerging fraudulent techniques.

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) used to protect web sites against abusive automated softwares that can register, spam, login, or even splog. However, now a days that isn’t the case anymore.

Just like the traditional PayPal phish, the web page http://{BLOCKED}www.security-paypal.citymax.com/paypal_security.htmlasks the user to provide feedback from their Shopping by asking for their Name, E-mail Address and PayPal password as seen in Figure 1.

Figure 1: Screenshot of bogus PayPal phishing Feedback page

After which, a CAPTCHA image is shown and requires the user to enter the code indicated for spam prevention. However, after entering the user’s personal information, this could be used to
create bogus mail accounts, among other things.

The phishing URL is already blocked by Trend Micro’s Smart Protection Network.