Hackers are using reCaptcha walls to hide malicious websites, increasing the success rates of their phishing campaigns, a new investigation has found.
According to cybersecurity researchers from Barracuda Networks, by using Google’s anti-bot tool reCaptcha, criminals are able to prevent security systems from automatically blocking phishing attacks. At the same time, the website looks more legitimate in the eyes of the victim, which also increases the hacker’s chances of success.
Investigating the practice, Barracuda uncovered a phishing campaign comprising some 128,000 emails sent out to different organisations.
For Steve Peake, UK Systems Engineer Manager at Barracuda Networks, the discovery is hardly a surprise, given the ever-increasing sophistication of hackers.
“Fortunately, there are a number of proactive measures employers and business owners can take to prevent a security breach. Most importantly, users must be educated about the threat so they know to be cautious instead of assuming a reCaptcha is a sign that a page is safe,” he said.
He also claims that advanced email security solutions would still be able to detect the malicious attempt, even when hidden behind a reCaptcha. “[Although] no security solution will catch everything, and the ability of the users to spot suspicious emails and websites is key.”