Fake Google reCAPTCHA Now Rampant! How Hackers Attack Victims

Security experts said that Fake Google reCAPTCHA is now becoming more rampant than ever. They said that there is currently a new Microsoft-themed phishing campaign that is using phony Google reCAPTCHA.

Fake Google reCAPTCHA Now Rampant! How Hackers Attack Victims
In this photo illustration, The Google logo is projected onto a man on August 09, 2017 in London, England. Founded in 1995 by Sergey Brin and Larry Page, Google now makes hundreds of products used by billions of people across the globe, from YouTube and Android to Smartbox and Google Search. Photo by Leon Neal/Getty Images

According to Bank Info Security's latest report, fake Google reCAPTCHA hacking allows malicious attackers to steal credentials from senior employees of various organizations. The security firm Zscaler is the first one that discovered this new technique.

On the other hand, the security company said that it prevented more than 2,500 phishing emails tied to the campaign. ThreatLabZ, Zscaler's threat research team, said that it had identified the latest phishing campaign.

The security researchers added that the current phishing attack has been active since December 2020 and mainly targeted senior employees in the banking sector.

How fake Google reCAPTCHA works

The rampant hacking technique works when hackers and other online attackers send phishing emails to their victims. These messages will then appear to come from a unified communications system used for streamlining corporate communication. They also contain a malicious email attachment.

Fake Google reCAPTCHA Now Rampant! How Hackers Attack Victims
A logo sits illumintated outside the Google booth on day 2 of the GSMA Mobile World Congress 2019 on February 26, 2019 in Barcelona, Spain. The annual Mobile World Congress hosts some of the world's largest communications companies, with many unveiling their latest phones and wearables gadgets like foldable screens and the introduction of the 5G wireless networks. Photo by David Ramos/Getty Images

The victims are redirected to a ".xyz" phishing domain which is disguised as a legitimate Google reCAPTCHA page when they open the attached HTML file. This process is specifically created to fool thousands of users.

After that, the victims are directed to a fake Microsoft login phishing page once the reCAPTCHA is verified. The hackers and other online attackers will then steal their login credentials once they entered them on the fake website. The cybercriminals will then send a fake message which reads "validation successful," which makes them look more legitimate.

Why is reCAPTCHA

Whispir explained that reCAPTCHA is important because it prevents a different kind of spam. It is considered a prevalent tool in online submission forms that prevent spam and abuse from entering a website. It is also the tool that allows the website to know if the one accessing their service is a person or a machine. You can click here for more info.

For more news updates about other security issues, always keep your tabs open here at TechTimes.

This article is owned by TechTimes.

Written by: Giuliano de Leon.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics