Phishing Attack Uses Fake Google reCAPTCHA

Phishing Attack Uses Fake Google reCAPTCHA
Zscaler Says it Prevented Over 2,500 Phishing Attacks Akshaya Asokan (asokan_akshaya) • March 7, 2021     Attackers steal login credentials via fake Google reCAPTCHA screens. Photo: Pixabay

A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zscaler says. The company adds it prevented more than 2,500 phishing emails tied to the campaign.

See Also: Illumination Summit: Poker & Cybersecurity: A Game of Skill, Not Luck

Zscaler's threat research team, ThreatLabZ, which identified the latest campaign, notes the phishing attack has been active since December 2020 and mainly targeted senior employees in the banking sector.

Attack Tactics

The campaign begins with attackers sending victims phishing emails that appear to come from a unified communications system used for streamlining corporate communication. This email contains a malicious email attachment.

Once the victims open the attached HTML file, they are redirected to a .xyz phishing domain which is disguised as a legitimate Google reCAPTCHA page in order to trick the users.

After the reCAPTCHA is verified, the victims are send to a fake Microsoft login phishing page. Once the victims have entered their login credentials on the attackers' site, a fake message "validation successful," is prompted to add legitimacy to the campaign.

"These attacks can be categorized as BEC although the sender, in this case, involves use of popular unified communication systems used by the organizations," Gayathri Anbalagan, the lead researcher on the Zscaler study points out. "We a ..