Malicious Use of reCAPTCHA

Cybersecurity and cybercrime have an unbreakable bond. However, in this cyber battle, hackers continue to find new ways to evade the spotlight.

Beyond plain hacking, researchers at Barracuda have discovered new techniques in phishing campaigns that use the human identification system called “reCAPTCHA”. Most of you are familiar with the annoying task of clicking images of crossroads, light signals and bridges.

Well, there’s a reason for it: the website is trying to determine whether you’re a real human accessing the website or a bot created by hackers to scrape content.

reCAPTCHA walls are being used in email credential phishing campaigns to keep automated URL analysis from accessing the content of phishing pages.

This process also makes phishing sites look more familiar in the eyes of the end user who attempts to log in.

The reCAPTCHA method is gaining popularity because of its success on the internet. However, some security campaigns contain only a checkbox and a form. Although that’s not the most secure method, it still deters risk to some extent.

According to recent research, Barracuda researchers have been encountering a decrease in fake reCAPTCHA gateways. In their report, the researchers discovered only ONE email with a fake reCAPTCHA box, as compared to more than 100,000 emails.
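
The following is an added example, not code from Barracuda or from the original post. It shows how a URL-analysis pipeline can record that it only reached a reCAPTCHA wall instead of reporting the link as clean, and how it can tell a genuine reCAPTCHA API embed from a checkbox-and-form imitation. The function name, verdict labels and sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Script URLs served by the genuine reCAPTCHA API.
API_SRC = re.compile(
    r"^https://www\.(google\.com|recaptcha\.net)/recaptcha/(api|enterprise)\.js")
# Wording a page shows when it presents (or imitates) the challenge.
LURE_TEXT = re.compile(r"i'?m not a robot|recaptcha", re.I)

class _Scan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.api = self.checkbox = self.password = False
        self.text = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and API_SRC.match(a.get("src", "")):
            self.api = True
        if tag == "input":
            kind = a.get("type", "").lower()
            self.checkbox |= kind == "checkbox"
            self.password |= kind == "password"

    def handle_data(self, data):
        self.text.append(data)

def classify_gate(html: str) -> str:
    """Return what an automated URL analyser actually saw on this page."""
    s = _Scan()
    s.feed(html)
    lure = bool(LURE_TEXT.search(" ".join(s.text)))
    if s.api and not s.password:
        return "gated"    # real challenge; the page behind it was never analysed
    if lure and s.checkbox and not s.api:
        return "spoofed"  # checkbox and form imitating reCAPTCHA without the API
    return "no_gate"

# Constructed sample pages (not taken from any real campaign).
REAL_GATE = ('<html><head><script src="https://www.google.com/recaptcha/api.js">'
             '</script></head><body><form><div class="g-recaptcha" '
             'data-sitekey="PLACEHOLDER"></div></form></body></html>')
FAKE_GATE = "<html><body><form><input type='checkbox'> I'm not a robot</form></body></html>"
PLAIN = "<html><body><form><input type='password'></form></body></html>"

if __name__ == "__main__":
    for name, page in [("real", REAL_GATE), ("fake", FAKE_GATE), ("plain", PLAIN)]:
        print(name, classify_gate(page))
```

A `gated` verdict is not evidence of phishing, since legitimate sites use reCAPTCHA too; it means the content behind the challenge was not analysed, so the link should be treated as unscanned rather than clean.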

What Precautions to Take Against This Threat:

Be cautious of fake reCAPTCHA gateways and check thoroughly for suspicious email senders, which can lead to email phishing campaigns. Corporations should organize security awareness training for employees to help them recognize and tackle a possible cyberattack.

Cybersecurity will never be fully secure. Therefore, vigilance is key.