Hot News :
  • A senior member of the New Patriotic Party (NPP), Joe Gharte.. 4
  • The Minister for Finance, Dr Cassiel Ato Forson, has assured.. 6
  • Ghana marched into the quarter-finals of the TotalEnergies C.. 6
  • The United States Government has donated 14 mine-resistant, .. 6
  • The second edition of the Ghana Business League Awards (GBLA.. 125
  • Today marks the 25th anniversary of Otumfuo Osei Tutu II&#39.. 193
Search
Sign In
  • Home
  • News
    • Financial
    • Business
    • Social
    • Extra
    • Politics
    • Health
    • Education
    • Opinion
    • Religion
    • Science
    • Technology
  • Sports
  • Entertainment
    • Music
    • Movie
    • Gossip
  • Institutions
  • Blogs
  • Classifieds
    • Events
    • Auto
    • Real Estate
    • Announcement
  • Lifestyle
    • Gadgets
    • Recipes
    • Fashion
  • Jobs
  • Contact us
Homenews
Scroll Down for More
technology news

Cybercriminals are using Google reCAPTCHA to hide their phishing attacks

Graham CLULEY Graham CLULEY By Graham CLULEY
01 May 2020
  • 0
  • 787
  • read
  • news, technology
Share This
Article:
Font size:
Write a Comment Report
Print

I doubt any of us would claim to be fans of CAPTCHA – the puzzles that a website asks you to complete to prove if you’re a human being or not.

Unscrambling a distorted graphic to try to read the letters jumbled within, or select only the images containing a traffic night, can be too much of a challenge for some of us to successfully complete on our first (and sometimes even our second and third) attempt.

But they do, of course, lend a hand in keeping automated bots away – helping to prevent them from creating bogus accounts or leave spammy messages on a website comment form.

And, in fairness, modern implementations like Google reCAPTCHA version 3 have changed the way that CAPTCHA systems work, often asking users just to click a box saying “I’m not a robot.” rather than detect all the images with a bicycle.

But researchers at Barracuda say that they are seeing cybercriminals deploying Google’s reCAPTCHA anti-bot tool in an effort to avoid early detection of their malicious campaigns.

As the researchers explain, criminals are using reCAPTCHA walls to block the content of their phishing pages from being scanned by URL scanning services.

In other words, the reCAPTCHA system doesn’t just block malicious bots – it also successfully prevents benign bots, such as an automated system which checks the safety of URLs in an email before a feeble-minded human clicks on them.

In short, automated URL analysis systems cannot access the actual content of the phishing page, and so they are not able to use any of the information contained upon it when assessing if a link is safe to click on or not.

Furthermore, the researchers claim that humans may actually find the presence of a reCAPTCHA test reassuring, and as a consequence find the phishing site more believable.

Barracuda’s team point to a recent phishing campaign sent to over 128,000 email addresses as an example of the technique in operation.

The phishing attack posed as a new voicemail notification, which encouraged recipients to open an attachment to listen to the voice message that they had missed.

The attached file was an HTML file that redirected users to a webpage containing nothing but a Google reCAPTCHA.

Completing the reCAPTCHA resulted in users being redirected to a phishing page, which in this case purported to be the genuine Microsoft login page – but designed to steal passwords.

Remember this – no security solution is likely to be 100% effective, and the presence of a Google reCAPTCHA does not guarantee that what it is protecting can be trusted.

Always exercise careful judgement about where you enter sensitive information, and consider using a password manager.

Good password managers continue to be a strong defence against phishing. A password manager will not prompt you to enter your passwords on a domain that it does not recognise – meaning that even if a phishing site looks like a genuine webpage, it will not offer to enter your credentials unless it recognises the URL in the browser bar. Phishing prevention is one of the best reasons to run a password manager, but often overlooked.

Tags :
Science Technology Business Lifestyle

Source: hotforsecurity bitdefender.com



WHO Admits to Leaked Credentials, Says Number of Cyberattacks Increased Fivefold
Prev article WHO Admits to Leaked Credentials, Says Number of Cyberattacks Increased Fivefold
Mercedes-Benz unveils scale-covered concept car inspired by Avatar movie
Next article Mercedes-Benz unveils scale-covered concept car inspired by Avatar movie
Related Posts
technology
© Image Copyrights Title

US donates armoured vehicles to Ghana

09 May 2025
technology
© Image Copyrights Title

Ghana approves Elon Musk's Starlink

26 Apr 2024
Comments 0
Write a comment
Error!
01. 02. 03. 04.
Reply to Comment
Categories
  • social3
  • politics3
  • business3
  • opinion3
  • sports3
  • education3
  • health3
  • technology3
  • religion3
  • extra3
  • financial3
  • science3
  • diaspora3
  • Classifieds
  • Jobs
Popular Tags
  • Gadgets
  • Popular
OnePlus Nord N20 5G Android Smartphone

OnePlus Nord N20 5G Android Smartphone

  • 11/29/2022
  • 12
  • 173
  • Votes: 0 |NaN out of 5
Fitbit Charge 5

Fitbit Charge 5

  • 11/25/2022
  • 12
  • 159
  • Votes: 0 |NaN out of 5
Moleskine Smart Writing Set 2.0

Moleskine Smart Writing Set 2.0

  • 11/25/2022
  • 12
  • 156
  • Votes: 0 |NaN out of 5
Dyson’s air-purifying headphones

Dyson’s air-purifying headphones

  • 12/13/2022
  • 12
  • 170
  • Votes: 0 |NaN out of 5
View more articles

Resident Manager

P. O. Box Ah 9182, Ahinsan, Ashanti, Ghana +233 27 872 7027 i-desk@allghanadata.com

Categories
  • news
  • institutions
  • entertainment
  • blogs
  • recipes
  • classifieds
Links
  • Home
  • Privacy
  • Classifieds
  • Lifestyle
  • Jobs
  • Sitemap
  • Contact us
Subscribe

©2002-2025 . All rights reserved.
  • Terms & Conditions
  • Privacy Policy
  • Politics
  • Technology
  • Business
  • Sports
  • Science
Our site uses cookies. Learn more about our use of cookies: Cookie policy
Accept Reject
  • Login
  • Register
Lost Your Password?
or

For faster login or register use your social account.

Connect with Google