Phishing threat actors have now found a new technique to bypass the secure email gateway(SEG). This time, they are using the Captcha to prove human presence, while preventing any red flags from the email security gateway.

Discovered by researchers from Cofense, the attack is initiated by sending a phishing email from a compromised account ‘@avis.ne.jp’. The email pretends is disguised as a notification for a voicemail message.

The victim is asked to preview the alleged communication by clicking on a button included in the email. This button, when clicked, takes the victim to the page with the Captcha code.