News Scammers use fake Google reCAPTCHA in phishing attacks


Core

Essential
Joined
21.09.20
Messages
85
Reaction score
262
Points
53
Over the past three months, at least 2.5 thousand fake emails were sent to senior employees of banks and IT companies.

Cybercriminals are sending thousands of phishing emails to Microsoft Office 365 users as part of an ongoing malicious campaign to steal credentials. The attackers give the campaign a look of legitimacy by using a fake Google reCAPTCHA system and landing pages of top-level domains that host the logos of the victims ' companies.

According to Zscaler's ThreatLabZ security research team, over the past three months, at least 2.5 thousand such emails have been sent to high-ranking employees of banks and the IT sector. The emails first redirect the recipients to a fake Google reCAPTCHA page. Google reCAPTCHA is a system for protecting websites from spam and abuse, using the Turing test to distinguish between people and bots.

After passing the fake reCAPTCHA test, users are redirected to a phishing landing page that asks for their Office 365 credentials.

"The attack targets senior business leaders, such as vice presidents and directors, who are likely to have a higher level of access to sensitive company data. The purpose of the campaigns is to steal the victims 'credentials and gain access to the firms' valuable assets, " the experts explained.

Phishing emails are disguised as automated emails from the victims ' unified communications tools, which allegedly contain a voicemail attachment.

The Microsoft service login pages also contain various logos of the companies that the victims work for, such as the software developer ScienceLogic or the office rental company BizSpace.

"After entering your credentials, the phishing campaign will display a fake message that says" Verification was successful." Users are then shown a recording of a voice mail message that they can play back, which allows attackers to avoid suspicion, " the experts said.

The researchers found many phishing pages related to the campaign that were hosted using common top-level domains, such as .xyz, .club, and. online. These top-level domains are commonly used by cybercriminals for spam and phishing attacks.
 
Top Bottom