Bad Actors Are Now Leveraging Google's reCaptcha Checks To Raise Phishing Attack Success Rate

Barracuda Networks, a provider of cloud-enabled security solutions, has discovered that hackers have found a new way to hide malware from email security systems: they are using legitimate reCaptcha walls to increase the effectiveness of their phishing attacks.

By placing a reCaptcha wall in front of a phishing page, cybercriminals can prevent email security systems from automatically blocking the campaign. The wall also makes the phishing site look more authentic to the victim. Google's reCaptcha service is normally used to verify whether a human or a bot is visiting a website before granting access to its content. Cybercriminals now use that same anti-bot tool to stop automated URL scanning services from reaching the actual content of their malware pages. In other words, automated URL analysis systems cannot access the content of these pages to assess whether the link, the page and its content are safe to click.

The researchers at Barracuda Networks discovered an email credential phishing campaign comprising more than 128,000 emails sent to different organizations and employees. The phishing emails in this campaign posed as a new voicemail message and encouraged the user to open an attachment to listen to the voicemail. The attachment redirects the recipient to a webpage containing a Google reCaptcha. Upon solving the reCaptcha, the recipient is redirected to the actual malware page. This phishing page looks like a regular Microsoft login page but is designed to steal login credentials.
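The gap described above is a scanner that sees only the reCaptcha wall and reports the link as clean. The following is an added example, not Barracuda's code: a verdict function that treats a wall-only page as unscanned so it can be escalated. The names `PageFacts` and `scan_verdict`, the 200-character threshold and the sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser

RECAPTCHA_SRC = ("google.com/recaptcha/", "recaptcha.net/recaptcha/")

class PageFacts(HTMLParser):
    """Collects the few facts the verdict needs from fetched HTML."""
    def __init__(self):
        super().__init__()
        self.recaptcha = False       # reCAPTCHA script or widget present
        self.password_field = False  # credential form visible to the scanner
        self.text_chars = 0          # visible text outside script/style
        self._skip = 0               # nesting depth inside script/style

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("script", "style"):
            self._skip += 1
        if tag == "script" and any(s in a.get("src", "") for s in RECAPTCHA_SRC):
            self.recaptcha = True
        if "g-recaptcha" in a.get("class", "").split():
            self.recaptcha = True
        if tag == "input" and a.get("type", "").lower() == "password":
            self.password_field = True

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text_chars += len(data.strip())

def scan_verdict(html, max_wall_text=200):
    """Never report a page as clean when only a CAPTCHA wall was seen."""
    facts = PageFacts()
    facts.feed(html)
    if facts.password_field:
        return "credential-form"         # content was reachable: analyse it
    if facts.recaptcha and facts.text_chars <= max_wall_text:
        return "unscanned-captcha-wall"  # real content hidden: escalate
    return "no-findings"

# Constructed sample pages (not taken from the campaign).
WALL = ('<html><head><title>Verify</title>'
        '<script src="https://www.google.com/recaptcha/api.js" async defer></script>'
        '</head><body><form action="/next" method="post">'
        '<div class="g-recaptcha" data-sitekey="CONSTRUCTED-KEY"></div>'
        '<input type="submit" value="Continue"></form></body></html>')
LOGIN = ('<html><body><h1>Sign in</h1><form><input type="email" name="u">'
         '<input type="password" name="p"></form></body></html>')
```

A mail gateway could hold or flag messages whose links return `unscanned-captcha-wall` instead of delivering them as clean.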

The unsuspecting recipient will be unaware that cybercriminals will steal any login credentials they enter on that phishing page. The stolen information is likely to be used to hack into the victim's real Microsoft account. Barracuda Networks' Steve Peake states that the discovery is no surprise to him, as hackers are becoming increasingly sophisticated. He warned that hackers are always seeking advanced methods to steal information and login credentials from unsuspecting employees working remotely.


Peake said that, fortunately, there are various methods that employers and other business owners can use to prevent possible cyber-attacks or a security breach. According to Peake, organizations need to educate users about the threat. Educating users will make sure that they stay cautious rather than assuming that a Google reCaptcha is a sign that a site is fully safe to surf.

Furthermore, Peake states that although automated URL scanning systems are unable to analyze reCaptcha-based cyber-attacks, sophisticated email security systems can still recognize these attacks with the help of email security solutions based on artificial intelligence. In the end, he said that no security system available can catch everything. Peake concluded that a person's ability to detect whether a website or an email is suspicious is the key.


