Security researchers have revealed a new email phishing technique in which attackers increasingly place real reCAPTCHA walls in front of their phishing pages, both to evade security scanners and to lull potential victims into trusting the page.
reCAPTCHA walls are commonly used by legitimate companies as a mechanism for challenging users to prove that they are not bots. The mechanism also protects applications against malicious bots and content scraping.
According to recent findings by the security firm Barracuda Networks, many ongoing email credential-phishing campaigns now integrate these real reCAPTCHA walls to make the phishing site look more legitimate to the targeted victim.
The security solutions provider also observed a large number of such phishing campaigns in recent weeks.
One campaign alone sent more than 128,000 emails using this technique, ultimately displaying a fake Microsoft login page that steals the user's credentials.
As shown in the image below, the phishing email displays a voicemail notification that appears to come from Microsoft, asking the recipient to open the attached HTML file in order to listen to the voicemail.
If the user opens that HTML file, it redirects them to a page containing a reCAPTCHA wall.
“The page doesn’t contain anything other than the reCAPTCHA, but this is a fairly common format for legitimate reCAPTCHAs as well, so it isn’t likely to raise red flags for a user,” researchers said.
“Once the user solves the reCAPTCHA in this campaign, they are redirected to the actual phishing page, which spoofs the appearance of a common Microsoft login page.”
As you can see, this fake page looks almost identical to the legitimate Microsoft login page.
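One defensive check suggested by this attack chain, added here as an example and not part of Barracuda's report: a Python triage of an HTML attachment or landing page that extracts where the document redirects the browser (meta refresh or JavaScript) and flags a page whose only visible content is a reCAPTCHA widget. The sample HTML documents are constructed for the example; the domains and site key are placeholders.

```python
import re
from html.parser import HTMLParser

# Constructed sample inputs (not taken from the campaign): an HTML attachment that only
# redirects, a landing page that is nothing but a reCAPTCHA, and an ordinary login page.
ATTACHMENT = ('<html><head><meta http-equiv="refresh" '
              'content="0; url=https://captcha.example.invalid/v/"></head><body></body></html>')
WALL = ('<html><body><script src="https://www.google.com/recaptcha/api.js"></script>'
        '<div class="g-recaptcha" data-sitekey="SITEKEY_PLACEHOLDER"></div></body></html>')
LOGIN = ('<html><body><h1>Sign in</h1><p>Enter your password to continue.</p>'
         '<div class="g-recaptcha" data-sitekey="SITEKEY_PLACEHOLDER"></div></body></html>')

_META_URL = re.compile(r"url\s*=\s*['\"]?([^'\"; ]+)", re.I)
_JS_REDIRECT = re.compile(r"location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]"
                          r"|location\.replace\(\s*['\"]([^'\"]+)['\"]")

class _PageScan(HTMLParser):
    """Collects redirect targets, reCAPTCHA markers and visible text from one HTML document."""
    def __init__(self):
        super().__init__()
        self.redirects, self.visible_text, self.has_recaptcha, self._in_code = [], [], False, 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style"):
            self._in_code += 1
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = _META_URL.search(a.get("content") or "")
            if m:
                self.redirects.append(m.group(1))
        if "recaptcha" in (a.get("src") or "").lower() or "g-recaptcha" in (a.get("class") or ""):
            self.has_recaptcha = True

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._in_code -= 1

    def handle_data(self, data):
        if self._in_code:  # script bodies: catch JavaScript-driven redirects as well
            self.redirects.extend(m.group(1) or m.group(2) for m in _JS_REDIRECT.finditer(data))
        elif data.strip():
            self.visible_text.append(data.strip())

def triage(html):
    """Summarise one HTML document: where it redirects, and whether it is a bare reCAPTCHA wall."""
    p = _PageScan()
    p.feed(html)
    return {"redirects": p.redirects, "bare_recaptcha": p.has_recaptcha and not p.visible_text}
```

An attachment that does nothing but redirect, followed by a landing page that is nothing but a reCAPTCHA, matches the pattern described above and is worth routing to analyst review; a bare reCAPTCHA alone is not proof of phishing, since legitimate walls also look like this.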
With the COVID-19 outbreak forcing widespread remote work, cybercriminals have become more active and are stepping up their tactics to take advantage of organizations with inadequate security postures.
Ratan Jyoti, Chief Information Security Officer at Ujjain Small Finance Bank, argued that awareness among all employees is the key to fighting attacks such as this, and that employees should receive regular training.
“Today we have many ways to simulate such attacks and analyze user behavior and provide customized training to each employee,” he added. “Since the threat landscape continues to evolve, simulated attacks and training are most effective. Consistency of these trainings is the most important weapon for any organization.”
The Barracuda report also suggested that “the most important step in protecting against malicious reCAPTCHA walls is to educate users about the threat so they know to be cautious instead of assuming a reCAPTCHA is a sign that a page is safe. Users should exercise scrutiny when seeing reCAPTCHA walls, especially in unexpected places where legitimate walls have not been encountered in the past.”