Jun 15 / Admin

New Scam Alert: Fraudsters Are Asking For Selfies and Videos

Netcraft reported:

Netcraft has identified a card payment-themed phishing page that appears to go beyond conventional credential theft. Instead of asking victims to enter card details, the page attempts to persuade them to grant access to their camera, microphone, location, and device information under the guise of “fund verification”. This makes the campaign an example of camera-first phishing: a social engineering attack where browser permissions, rather than typed credentials, become the primary collection channel.

Netcraft’s analysis indicates that the operator is primarily interested in live facial images, short videos, GPS location, IP address, and device metadata.

One observed variant attempts to activate the victim’s front-facing camera as soon as the page loads. If permission is granted, the page hides the video feed from the user, draws frames from the live camera stream onto a hidden canvas, converts those frames into JPEG images, and sends them to a Telegram bot.

The campaign does not appear to exploit a browser vulnerability. Instead, it abuses legitimate browser APIs and relies on social engineering to obtain consent.

Find the original article here.
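
One way to spot the exfiltration step described above (camera frames posted to a Telegram bot) in web proxy logs, added here as an example and not taken from Netcraft's analysis. It assumes a TLS-inspecting proxy that records the request URL and Referer; the log format, hosts, thresholds and function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Telegram Bot API methods that carry media. A burst of these sent from a web
# page matches the "frames converted to JPEG and sent to a bot" behaviour.
MEDIA_CALL = re.compile(r"^/bot[^/]+/(sendPhoto|sendVideo|sendDocument|sendAudio|sendVoice)$")
WINDOW = timedelta(seconds=60)  # assumed tuning values, adjust per environment
MIN_UPLOADS = 3

# Constructed sample lines (hypothetical proxy format, placeholder hosts/token):
# time client method url bytes_out referer
SAMPLE_LOG = """\
2024-06-15T10:00:01Z 10.0.0.21 POST https://api.telegram.org/botREDACTED/sendPhoto 48211 https://fund-verify.example/pay
2024-06-15T10:00:03Z 10.0.0.21 POST https://api.telegram.org/botREDACTED/sendPhoto 47950 https://fund-verify.example/pay
2024-06-15T10:00:05Z 10.0.0.21 POST https://api.telegram.org/botREDACTED/sendPhoto 48802 https://fund-verify.example/pay
2024-06-15T10:02:00Z 10.0.0.34 POST https://api.telegram.org/botREDACTED/sendMessage 212 -
2024-06-15T10:03:00Z 10.0.0.40 POST https://api.telegram.org/botREDACTED/sendPhoto 51000 https://intranet.example/
2024-06-15T10:09:00Z 10.0.0.40 POST https://api.telegram.org/botREDACTED/sendPhoto 51000 https://intranet.example/
"""

def find_media_bursts(log_text):
    """Return sorted (client, referring_host) pairs with >= MIN_UPLOADS media
    uploads to the Telegram Bot API inside WINDOW, sent from a web page."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines rather than guessing
        ts, client, method, url, _size, referer = fields
        target = urlsplit(url)
        if method != "POST" or target.hostname != "api.telegram.org":
            continue
        if not MEDIA_CALL.match(target.path) or referer == "-":
            continue  # no Referer: likely a script or service, not a browser tab
        page = urlsplit(referer).hostname
        times[(client, page)].append(datetime.fromisoformat(ts.replace("Z", "+00:00")))
    hits = []
    for key, stamps in times.items():
        stamps.sort()
        # any run of MIN_UPLOADS consecutive uploads that fits inside WINDOW
        if any(b - a <= WINDOW for a, b in zip(stamps, stamps[MIN_UPLOADS - 1:])):
            hits.append(key)
    return sorted(hits)

if __name__ == "__main__":
    for client, page in find_media_bursts(SAMPLE_LOG):
        print(f"ALERT {client} uploaded media to a Telegram bot from {page}")
```

A page can suppress the Referer header, so treat a hit as one signal to correlate with the browser's camera-permission prompt history rather than as a complete detection.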

Key Takeaway: Expect potential attacks when clicking on ads, during system update attempts, and when installing browser extensions. Follow the protocols set by your IT team.

Enroll in Training Sessions: Training on frauds, new scam alerts, and how to combat them takes place on the last Thursday of every month.