Phishing Attack Uses Fake Google reCAPTCHA

Zscaler Says It Prevented Over 2,500 Phishing Attacks
Phishing Attack Uses Fake Google reCAPTCHA
Attackers steal login credentials via fake Google reCAPTCHA screens. (Source: Pixabay)

A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zscaler says. The company says it prevented more than 2,500 phishing emails tied to the campaign.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

Zscaler's threat research team, ThreatLabZ, which identified the latest campaign, notes the phishing attack has been active since December 2020 and mainly targeted senior employees in the banking sector.

Attack Tactics

The campaign begins with attackers sending victims phishing emails that appear to come from a unified communications system used for streamlining corporate communication. This email contains a malicious email attachment.

Once the victims open the attached HTML file, they are redirected to a .xyz phishing domain which is disguised as a legitimate Google reCAPTCHA page in order to trick the users.

After the reCAPTCHA is verified, the victims are send to a fake Microsoft login phishing page. Once the victims have entered their login credentials on the attackers' site, a fake message "validation successful," is prompted to add legitimacy to the campaign.

"These attacks can be categorized as BEC [business email compromise] although the sender, in this case, involves use of popular unified communication systems used by the organizations," Gayathri Anbalagan, the lead researcher on the Zscaler study points out. "We are not able to attribute this campaign to a specific threat actor, but looking at the operational theme and the target profiles, it is likely to be a single coordinated campaign."

Social Engineering Campaign

Since the pandemic began, hackers have been relying on advanced social engineering tactics for credential theft.

In January, security firm Trend Micro uncovered a targeted phishing campaign that used a fake Microsoft Office 365 update to steal email credentials from business executives (see: Phishing Campaign Features Fake Office 365 Update).

In August 2020, Trend Micro uncovered a business email compromise scam that targeted the Office 365 accounts of business executives at more than 1,000 companies worldwide (see: BEC Scam Targets Executives' Office 365 Accounts).

In July 2020, a report by security firm Abnormal Security found hackers were mimicking automated messages from Microsoft SharePoint for a phishing campaign that attempts to steal Office 365 credentials (see: Phishing Campaign Uses Fake SharePoint Alerts).

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.