Comments
Barracuda Networks, a provider for cloud-enabled security solutions, on May 1 announced the April Threat spotlight.
The researchers have noticed the frequent use of fake Microsoft reCaptcha walls in phishing campaigns to block URL scanning services from accessing the actual content of phishing pages, the organization mentioned in its official release.
The organization stated that the battle between cybersecurity and cybercrime is never-ending where criminals continue to find new techniques to evade detection. Recaptcha walls are commonly used by legitimate companies to deter bots from scraping content. Considering that the end-users are familiar with being asked to solve a reCaptcha and prove they aren’t a robot, malicious use of a real reCaptcha wall also lends more credibility to the phishing site, making users more likely to be tricked.
Observations
In the samples examined, Barracuda researchers have observed multiple email credential phishing campaigns using reCaptcha walls on links in phishing emails. The campaign had more than 128,000 emails using this technique to obscure fake Microsoft login pages.
The researchers informed that the phishing emails contain an HTML attachment that redirects to a page with just a reCaptcha wall. Once the user solves the reCaptcha in this campaign, they are redirected to the actual phishing page, which spoofs the appearance of a common Microsoft login page.
While some campaigns simply spoof the reCaptcha box and contain just a checkbox and a form, the use of the actual reCaptcha API is becoming increasingly common. This approach is more effective in deterring automated scanners because a fake reCaptcha box could easily be programmatically bypassed by simply submitting the form, Barracuda Networks noted.
Speaking on the threat highlight, Murali Urs, Country Manager, India of Barracuda Networks, commented: “Since the beginning of the global COVID-19 pandemic, we began observing a shift in the attack tactics deployed by cybercriminals. While this attack method is not new anymore, mal-actors can still succeed in deceiving the end-users into installing malware on their devices as this is a common format for legitimate reCaptchas as well.”
Need to educate users
According to Murali, the most important step in this situation is to educate users about the threat so they know when to be cautious instead of assuming reCaptcha as a safe sign to visit a page. While the malicious use of reCaptcha may make it harder for automated URL analysis to spot an attack, our email protection solutions can detect the same. “Regardless, it is the ability of the users to spot suspicious emails and websites that can reduce the occurrence of such attacks,” he added.
Steps to prevent such threats
The organization urged users to scrutinize suspicious senders, URLs, and attachments. This can help them in spotting the attack before they get to the reCaptcha. Barracuda Networks aims to provide security awareness training to users to establish a solid foundation in recognizing and reporting any kind of phishing attacks., the email itself still a phishing attack and may be detected by email protection solutions.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.