Security News > 2020 > May > Surge in phishing attacks using legitimate reCAPTCHA walls
Cyber scammers are starting to use legitimate reCAPTCHA walls to disguise malicious content from email security systems, Barracuda Networks has observed.
The reCAPTCHA walls prevent email security systems from blocking phishing attacks and make the phishing site more believable in the eyes of the user.
ReCAPTCHA walls are typically used to verify human users before allowing access to web content, thus sophisticated scammers are starting to use the Google-owned service to prevent automated URL analysis systems from accessing the actual content of phishing pages.
Researchers observed that one email credential phishing campaign had sent out more than 128,000 emails to various organizations and employees using reCAPTCHA walls to conceal fake Microsoft login pages.
"Furthermore, whilst reCAPTCHA based scams make it harder for automated URL analysis to be conducted, sophisticated email security solutions can still detect these phishing attacks using AI-based email protection solutions. Ultimately no security solution will catch everything, and the ability of the users to spot suspicious emails and websites is key."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/alUy9dBABBY/
Related news
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Low-tech phishing attacks are gaining ground (source)
- MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks (source)