Researchers report malicious use of reCaptcha walls in 1,28, 000 emails as part of a multi-phishing campaign

•    Phishing campaigns impersonate Microsoft in attacks to prevent automated URL analysis systems from accessing the actual content of phishing pages
• multiple phishing campaigns were undertaken; each attacking more than 128,000 emails using reCaptcha walls
• Researchers aim to educate users about the threat and ways to recognize suspicious emails and websites

Barracuda Networks, the trusted partner and leading provider for cloud-enabled security solutions, today announced the April Threat spotlight. The researchers have noticed frequent use of fake Microsoft reCaptcha walls in phishing campaigns to block URL scanning services from accessing the actual content of phishing pages.

The battle between cybersecurity and cybercrime is never-ending where criminals continue to find new techniques to evade detection. reCaptcha walls are commonly used by legitimate companies to deter bots from scraping content. Considering that the end users are familiar with being asked to solve a reCaptcha and prove they aren’t a robot, malicious use of a real reCaptcha wall also lends more credibility to the phishing site, making users more likely to be tricked.

In the samples examined, Barracuda researchers have observed multiple email credential phishing campaigns using reCaptcha walls on links in phishing emails. The campaign had more than 128,000 emails using this technique to obscure fake Microsoft login pages.

The phishing emails contain an HTML attachment that redirects to a page with just a reCaptcha wall. Once the user solves the reCaptcha in this campaign, they are redirected to the actual phishing page, which spoofs the appearance of a common Microsoft login page. While some campaigns simply spoof the reCaptcha box and contain just a checkbox and a form, the use of the actual reCaptcha API is becoming increasingly common. This approach is undoubtedly more effective in deterring automated scanners because a fake reCaptcha box could easily be programmatically bypassed by simply submitting the form.

Speaking on the threat highlight, Mr. Murali Urs, Country Manager, India of Barracuda Networks, commented, “Since the beginning of the global COVID-19 pandemic, we began observing a shift in the attack tactics deployed by cybercriminals. While this attack method is not new anymore, mal-actors can still succeed in deceiving the end-users into installing malware on their devices as this is a common format for legitimate reCaptchas as well. Clearly, the most important step in this situation is to educate users about the threat so they know when to be cautious instead of assuming reCaptcha as a safe sign to visit a page. While the malicious use of reCaptcha may make it harder for automated URL analysis to spot an attack, our email protection solutions can detect the same. Regardless, it is the ability of the users to spot suspicious emails and websites that can reduce the occurrence of such attacks.”

Users should exercise scrutiny by checking for suspicious senders, URLs, and attachments. This can help them in spotting the attack before they get to the reCaptcha. Barracuda Networks aims to provide security awareness training to users to establish a solid foundation in recognizing and reporting any kind of phishing attacks., the email itself still a phishing attack and may be detected by email protection solutions.

About Barracuda Networks:

At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organizations worldwide trust Barracuda to protect them – in ways they may not even know they are at risk – so they can focus on taking their business to the next level. For more information, visit barracuda.com.