
Surge in Scammers Using reCaptcha Walls to Increase Phishing Attacks

David Paul



A report shows that in one online phishing campaign, 128,000 scam emails exploiting reCaptcha walls were used to steal data.

Cybercriminals are using legitimate reCaptcha walls to disguise malicious content from email security systems, according to research from a cloud-enabled security firm.

The reCaptcha walls prevent email security systems from blocking phishing attacks and make the phishing site more believable in the eyes of the user.

Typically, reCaptcha walls are used to verify human users before allowing access to web content. Scammers have begun using the Google-owned service to prevent automated URL analysis systems from accessing the actual content of phishing pages.

The research, published by Barracuda Networks, showed that one phishing campaign had sent out more than 128,000 emails to various organisations and employees, using reCaptcha walls to conceal fake Microsoft login pages.

The phishing emails indicated that the user had received a voicemail message.

Once the reCaptcha was solved, the user was redirected to the actual phishing page, which spoofs the appearance of a common Microsoft login page. Any entered login information is sent straight to the cyber scammers, who will likely use this information to hack into the real Microsoft accounts.

Steve Peake, UK Systems Engineer Manager, Barracuda Networks, commented: “In this difficult time, it is no surprise to see that cyber scammers are seeking increasingly sophisticated methods of stealing log-in credentials and data from unsuspecting, remote workers.

“Fortunately, there are a number of proactive measures employers and business owners can take to prevent a security breach. Most importantly, users must be educated about the threat, so they know to be cautious instead of assuming a reCaptcha is a sign that a page is safe.

“Furthermore, whilst reCaptcha based scams make it harder for automated URL analysis to be conducted, sophisticated email security solutions can still detect these phishing attacks using AI-based email protection solutions.

“Ultimately, however, no security solution will catch everything, and the ability of the users to spot suspicious emails and websites is key.”


Phishing attacks have increased rapidly, particularly during the COVID-19 pandemic, where the subject is being used to fool unsuspecting and concerned users into handing over personal data.

A report on safe browsing by Google from March of this year showed that the number of active phishing websites jumped from 149,195 in January to 522,495 in March, a 350% increase.

The technology industry is particularly vulnerable to such attacks, according to a report by hacker-powered security platform HackerOne from February 2020, which collected data from more than 3,150 people who had reported one or more valid security vulnerabilities on their platforms.

Of those polled, 18% said that the tech industry is falling behind in terms of its cybersecurity, followed by government (16%) and finance (14%).

HackerOne CEO Marten Mickos said: “Hackers represent a global force for good, coming together to help address the growing security needs of our increasingly interconnected society.

“The community welcomes all who enjoy the intellectual challenge to creatively overcome limitations. Their reasons for hacking may vary, but the results are consistently impressing the growing ranks of organisations embracing hackers through crowd-sourced security — leaving us all a lot safer than before.”

David Paul

Staff Writer, DIGIT
