CyberRescue
  • We're available 24/7!
  • en
    • Polski
    • English
  • Facebook
Menu
  • News
  • Contact us
  • Facebook
  • en

    • Polski
    • English
CAPTCHA used to help phishing websites

CAPTCHA used to help phishing websites

30.04.2020
Comments (0)
Karolina Wrońska
  • Jump to comments
  • Share on linkedin
  • Share on facebook
  • Share on twitter
  • Share on pinterest
  • Jump to top

Fraudsters are using CAPTCHA tool to stop scanning services from discovering they are phishing websites.


You know CAPTCHA? It can be asking you to write letters and numbers on image, select particular images or just simply click ‘I’m not a robot’ box. CAPTCHA is used to keep bogus, automatic accounts from accessing websites, leaving comments, etc. therefore protecting other users and blocking a lot of SPAM.

But recently researchers at Barracuda say they have noticed cybercriminals using the Google reCAPTCHA tool to hide their malicious websites.

 

How does it work?

Every second the Internet is scanned by URL scanning services. These services check the links, access the websites and test them to see if there is anything malicious on them. Of course, it’s an automated process, meaning these services are bots too. So by putting CAPTCHA on a phishing website it blocks scanning bots from actually accessing the website and determining if the link is safe or not.

Moreover, many people link a CAPTCHA tool on a website to it being more secure and legitimate, which is of course wrong.

One case that the researchers discovered is a phishing campaign trying to get login credentials for Microsoft. In mail there was an attachment with a link to the website containing the CAPTCHA. This way the scanning device is stopped on this step and cannot determine if a website is safe or not. After checking the ‘I’m not a robot’ box the user is transferred to a fake Microsoft login account and his credentials may be stolen.

 

Remember to:

  • always check the message if it’s suspicious,
  • don’t think of CAPTCHA as a safety measure,
  • use password manager – it can easily spot a fake website from real and will not autofill login and password. It’s a great detection tool.

 

Source

Good to know!
Share on twitterShare on facebookShare on pinterestShare on Linkedin
Tags:
  • phishing,
  • captcha,
  • research,
  • bot
Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Sidebar

Cyber News

  • Google Play Store is banning apps with hidden stalkerware
  • Amazon Prime scam is back!
  • Fraudsters are using fake social media websites to gain access to companies
  • Brave browser used affiliate links on users
  • Scammers try to bypass Office 365 multi-factor authentication
  • Windows Search problem looks like a virus
  • Anubis malware lets attackers know if you’re looking at the screen
  • Serious flaw in Samsung Galaxy
  • Contact-tracing apps – what are they and how can they help?
  • CAPTCHA used to help phishing websites
  • Spyware campaign in Google Play store
  • Ransomware campaign hits Germany

See all

Latest Posts

  • Twitter Hack of the century
  • What’s a two-factor authentication?
  • How to care for your phone in hot weather? 3 simple Cyber Tips.
  • The 76 Cyber Fires put out by CyberRescue!
  • Be a conscious parent! How to keep your child safe on the Internet.
  • What Facebook knows about you?

Zobacz wszystkie

  • Privacy Policy
  • More about CyberRescue
CyberRescue © 2023
powered by  AIO collective