¿ªÔÆÌåÓý

ctrl + shift + ? for shortcuts
© 2025 Groups.io
  1. Iomug
  2. Messages
Single Messages Topics Expanded Polls

Re: New Phishing campaign

 

Thank you, Dutch, for this article.

?I encountered this two nights ago on my phone. I use¡­

¡ª iPhone 14 Pro
¡ª iOS 18.3.2 (current)
¡ª Brave Browser on above device
¡ª StartPage search engine (by Brave)
¡ª Settings: deny permission to allow cross-website tracking.

Side note, on Randy Singer¡¯s recommendation, I have been using Brave on my Mac mini and my iPhone as my default browser for a number of years.

So - I stopped by Home Depot on the way home Wednesday night to check details on an electric water pump. I did not tie into the store Wi-Fi or anything else nearby, I only used cell data (Patriot Mobile, a Verizon MVNO).

I punched up Brave, typed in homedepot.com, but the Home Depot website was very slow to respond (which often happens when I¡¯m not on a Wi-Fi network).

So I opened a second Brave browser page, which by default opens to StartPage; typed in the name of the pump I wanted details on, and as the search began, suddenly there was a StartPage request to verify my identity by typing in a CAPTCHA code.

This was not a sudden splash screen that appears over on top of a webpage or another intrusion that entirely redraws the screen or opens a new page, all of which are obvious signs of a pfishing attack, and which happen from time to time. (I never fall for it.)

This was a new thing: The CAPTCHA code request was presented within the Brave StartPage window, as though Brave itself was asking for verification.

This is the first time on either platform I have ever encountered any CAPTCHA request or interruption like this purporting to be directly from Brave or StartPage itself. After so many years of using this browser and the search engine it provides, why all of a sudden now? It just didn¡¯t smell right.

(Like everyone else, I have encountered legitimate appearances of CAPTCHA many times when dealing with mainstream shopping and financial management sites and so forth.)

More out of my impatience than my brilliance at recognizing a new form of pfishing attack, I didn¡¯t take the bait, I just quit Brave, took a picture of the pump I was curious about and went home.

Now I read this article.

I don¡¯t know what may have been compromised had I entered the CAPTCHA code, but sometimes it pays to be lazy.

Speaking of, it¡¯s almost nap time¡­

Michael
Join [email protected] to automatically receive all group messages.