Barracuda Networks announced the April Threat spotlight. The researchers have noticed frequent use of fake Microsoft reCaptcha walls in phishing campaigns to block URL scanning services from accessing the actual content of phishing pages.
The battle between cybersecurity and cybercrime is never-ending where criminals continue to find new techniques to evade detection. reCaptcha walls are commonly used by legitimate companies to deter bots from scraping content. Considering that the end users are familiar with being asked to solve a reCaptcha and prove they aren’t a robot, malicious use of a real reCaptcha wall also lends more credibility to the phishing site, making users more likely to be tricked.
In the samples examined, Barracuda researchers have observed multiple email credential phishing campaigns using reCaptcha walls on links in phishing emails. The campaign had more than 128,000 emails using this technique to obscure fake Microsoft login pages.
The phishing emails contain an HTML attachment that redirects to a page with just a reCaptcha wall. Once the user solves the reCaptcha in this campaign, they are redirected to the actual phishing page, which spoofs the appearance of a common Microsoft login page. While some campaigns simply spoof the reCaptcha box and contain just a checkbox and a form, the use of the actual reCaptcha API is becoming increasingly common. This approach is undoubtedly more effective in deterring automated scanners because a fake reCaptcha box could easily be programmatically bypassed by simply submitting the form.
Speaking on the threat highlight, Mr. Murali Urs, Country Manager, India of Barracuda Networks, commented, “Since the beginning of the global COVID-19 pandemic, we began observing a shift in the attack tactics deployed by cybercriminals. While this attack method is not new anymore, mal-actors can still succeed in deceiving the end-users into installing malware on their devices as this is a common format for legitimate reCaptchas as well. Clearly, the most important step in this situation is to educate users about the threat so they know when to be cautious instead of assuming reCaptcha as a safe sign to visit a page. While the malicious use of reCaptcha may make it harder for automated URL analysis to spot an attack, our email protection solutions can detect the same. Regardless, it is the ability of the users to spot suspicious emails and websites that can reduce the occurrence of such attacks.”
Users should exercise scrutiny by checking for suspicious senders, URLs, and attachments. This can help them in spotting the attack before they get to the reCaptcha. Barracuda Networks aims to provide security awareness training to users to establish a solid foundation in recognizing and reporting any kind of phishing attacks., the email itself still a phishing attack and may be detected by email protection solutions.