
Cybercriminals are using Google reCAPTCHA to hide their phishing attacks

Graham CLULEY, 01 May 2020


I doubt any of us would claim to be fans of CAPTCHA – the puzzles that a website asks you to complete to prove if you’re a human being or not.

Unscrambling a distorted graphic to try to read the letters jumbled within, or selecting only the images containing a traffic light, can be too much of a challenge for some of us to successfully complete on our first (and sometimes even our second and third) attempt.

But they do, of course, lend a hand in keeping automated bots away – helping to prevent them from creating bogus accounts or leaving spammy messages on a website comment form.

And, in fairness, modern implementations like Google reCAPTCHA version 3 have changed the way that CAPTCHA systems work, often asking users just to click a box saying “I’m not a robot.” rather than detect all the images with a bicycle.

But researchers at Barracuda say that they are seeing cybercriminals deploying Google’s reCAPTCHA anti-bot tool in an effort to avoid early detection of their malicious campaigns.

As the researchers explain, criminals are using reCAPTCHA walls to block the content of their phishing pages from being scanned by URL scanning services.

In other words, the reCAPTCHA system doesn’t just block malicious bots – it also successfully prevents benign bots, such as an automated system which checks the safety of URLs in an email before a feeble-minded human clicks on them.

In short, automated URL analysis systems cannot access the actual content of the phishing page, and so they are not able to use any of the information contained upon it when assessing if a link is safe to click on or not.

Furthermore, the researchers claim that humans may actually find the presence of a reCAPTCHA test reassuring, and as a consequence find the phishing site more believable.

Barracuda’s team point to a recent phishing campaign sent to over 128,000 email addresses as an example of the technique in operation.

The phishing attack posed as a new voicemail notification, which encouraged recipients to open an attachment to listen to the voice message that they had missed.

The attached file was an HTML file that redirected users to a webpage containing nothing but a Google reCAPTCHA.

Completing the reCAPTCHA resulted in users being redirected to a phishing page, which in this case purported to be the genuine Microsoft login page – but designed to steal passwords.
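
As an added example (not from the original article or from Barracuda's research), here is how a URL-scanning pipeline could recognise the two artefacts described above, an HTML attachment that only redirects and a landing page that contains only a reCAPTCHA, and decline to report the link as clean. The function names, the 80-character threshold and the sample pages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

CAPTCHA_MARKERS = ("google.com/recaptcha/api.js", "g-recaptcha")  # Google's documented embed
JS_REDIRECT = re.compile(r"location(\.href)?\s*=[^=]|location\.(replace|assign)\s*\(", re.I)
MAX_VISIBLE_CHARS = 80  # assumed cut-off for a page that shows "nothing but" a widget

class _Page(HTMLParser):
    """Splits a document into visible text, script bodies and a meta-refresh flag."""
    def __init__(self):
        super().__init__()
        self.visible, self.script, self.meta_refresh, self._tag = [], [], False, None
    def handle_starttag(self, tag, attrs):
        self._tag = tag
        if tag == "meta" and (dict(attrs).get("http-equiv") or "").lower() == "refresh":
            self.meta_refresh = True
    def handle_endtag(self, tag):
        self._tag = None
    def handle_data(self, data):
        if self._tag not in ("style", "title"):
            (self.script if self._tag == "script" else self.visible).append(data.strip())

def _parse(html):
    page = _Page()
    page.feed(html)
    return page, len(" ".join(t for t in page.visible if t))

def is_redirect_only(html):
    """HTML attachment that forwards the reader elsewhere and shows almost nothing."""
    page, visible = _parse(html)
    redirects = page.meta_refresh or any(JS_REDIRECT.search(s) for s in page.script)
    return redirects and visible <= MAX_VISIBLE_CHARS

def is_captcha_wall(html):
    """Landing page whose only content is a reCAPTCHA challenge."""
    _, visible = _parse(html)
    return any(m in html.lower() for m in CAPTCHA_MARKERS) and visible <= MAX_VISIBLE_CHARS

def scan_verdict(attachment_html, landing_html):
    """A CAPTCHA wall means the real content was never fetched, so never report 'clean'."""
    if not is_captcha_wall(landing_html):
        return "scanned"
    return "suspicious" if is_redirect_only(attachment_html) else "unscannable"

# Constructed samples; example.test is a placeholder domain, the site key a placeholder.
ATTACHMENT = '<html><head><meta http-equiv="refresh" content="0; url=https://landing.example.test/v"></head></html>'
LANDING = ('<html><head><script src="https://www.google.com/recaptcha/api.js"></script></head>'
           '<body><div class="g-recaptcha" data-sitekey="PLACEHOLDER"></div></body></html>')
```

The point of the third verdict is that a scanner which stops at the CAPTCHA has learned nothing about the destination, so "unscannable" should be handled as its own outcome rather than folded into "safe".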

Remember this – no security solution is likely to be 100% effective, and the presence of a Google reCAPTCHA does not guarantee that what it is protecting can be trusted.

Always exercise careful judgement about where you enter sensitive information, and consider using a password manager.

Good password managers continue to be a strong defence against phishing. A password manager will not prompt you to enter your passwords on a domain that it does not recognise – meaning that even if a phishing site looks like a genuine webpage, it will not offer to enter your credentials unless it recognises the URL in the browser bar. Phishing prevention is one of the best reasons to run a password manager, but often overlooked.






Source: hotforsecurity bitdefender.com


