Hackers are now using real reCAPTCHA walls in ongoing phishing campaigns

Hackers are now using real reCAPTCHA walls in ongoing phishing campaigns

Security researchers revealed a new email phishing technique where the hackers are increasingly using real reCAPTCHA walls to bypass security scanners and trick potential victims into phishing.

The reCAPTCHA walls are commonly used by legitimate companies as a progressive mechanism for challenging the user to test if they are a bot. The mechanism also protects applications against malicious bots and content scraping.

According to recent findings by the Security firm Barracuda Networks, many ongoing email credential phishing campaigns are now integrating these real reCAPTCHA walls to make a phishing site look more legitimate in the eyes of the targeted victim.

See Also: GitHub accounts are being targeted in an ongoing phishing campaign

The security solutions provider also observed a huge number of phishing campaigns in recent weeks.

One of the campaigns had more than 128,000 emails using this technique to later display a fake Microsoft login page used for stealing the user credentials.

As shown in below image, the phishing email displays a voicemail notification from Microsoft asking to click on the attached HTML file to be able to listen to the voicemail.

Phishing email with a fake voicemail note by Microsoft
Image 1 (Barracuda Networks): Phishing email with a fake voicemail note by Microsoft

If a user clicks on that HTML file, it redirects to the page with a reCAPTCHA wall.

“The page doesn’t contain anything other than the reCAPTCHA, but this is a fairly common format for legitimate reCAPTCHAs as well, so it isn’t likely to raise red flags for a user,” researchers said.

Phishing email with a fake voicemail note by Microsoft (reCAPTCHA WALL)
Image 2 (Barracuda Networks): reCAPTCHA wall used in phishing campaign

“Once the user solves the reCAPTCHA in this campaign, they are redirected to the actual phishing page, which spoofs the appearance of a common Microsoft login page”.

As you can see, this fake page looks almost similar to the legitimate Microsoft login page.

(Barracuda Networks): Fake Microsoft Login Phishing Page
Image 3 (Barracuda Networks): Fake Microsoft Login Phishing Page

Due to COVID-19 Outbreak, the current situation of remote work is in danger where the cybercriminals are more active and ramping up with their tactics to take advantage of those who have inadequate security postures implemented.

Ratan Jyoti, Chief Information Security Officer at Ujjain Small Finance Bank, argued that awareness to all employees is the key to fight against attacks such as this. There should be regular training for the employee.

“Today we have many ways to simulate such attack and analyze user behavior and provide customized training to each employee,” he added. “Since the threat landscape continues to evolve, simulated attacks and training are most effective. Consistency of these trainings is the most important weapon for any organization.”

The Barracuda report also suggested that “the most important step in protecting against malicious reCAPTCHA walls is to educate users about the threat so they know to be cautious instead of assuming a reCAPTCHA is a sign that a page is safe. Users should exercise scrutiny when seeing reCAPTCHA walls, especially in unexpected places where legitimate walls have not been encountered in the past.”


Share with your friends:

One Reply to “Hackers are now using real reCAPTCHA walls in ongoing phishing campaigns”

Leave a Reply

Your email address will not be published. Required fields are marked *