PHISHING ATTACK USING CAPTCHAs

Phishing attack using CAPTCHAs – Cybercriminals attacked their targets using multiple CAPTCHAs. They placed several CAPTCHAs in front of the phishing page, which Office 365 users had to complete before reaching it. These attacks have been ongoing and have targeted health care institutions. The criminals used visual CAPTCHAs to evade detection and appear genuine.

1- What are CAPTCHAs?

Websites generally use CAPTCHAs to test whether a user is human. The test asks the user, e.g., to click on the parts of a picture that contain bicycles or fire hydrants, or on the tiles of a grid that show a particular image. Cybercriminals have previously employed CAPTCHAs to beat automated crawling systems, to show that a human is on the web page, and to make the phishing landing page look reliable.

2- Was the Phishing Attack Using CAPTCHAs Successful?

This phishing attack proves that the CAPTCHA technique works: the cybercriminals put their victims through three different CAPTCHA checks before eventually directing them to the fake phishing landing page, which pretends to be a Microsoft Office 365 log-in webpage.

The phishing attack using CAPTCHAs was successful for two reasons: a) Victims thought the website was reliable, because they saw verification checks that they believed are found only on harmless websites. b) The technique defeated automated crawling systems attempting to detect phishing attacks.

According to researchers, the multiple CAPTCHAs work as backups in case one of them gets bypassed by automated systems. In the first CAPTCHA check, users need to check a box stating, “I’m not a robot.” Then, in the second CAPTCHA, they need to choose all the image tiles that show bicycles. In the third CAPTCHA, they need to pick out all the pictures that show crosswalks.

According to researchers, the cybercriminals don’t use the same CAPTCHAs; they have used at least four different forms.

After all verification checks, the target is redirected to the final fake landing page, representing an Office 365 log-in page that steals victims’ credentials.
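The chain described above has a direct consequence for automated URL scanning: a crawler that stops at a CAPTCHA has not seen the page's real content, so the result must stay unresolved rather than clean. The following is an added example, not code from Keepnet or from the researchers; the trusted host list, the marker strings and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: sign-in hosts the organisation treats as genuine Microsoft endpoints.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
# Assumption: markers of common CAPTCHA widgets and of Office 365 branding.
CAPTCHA_MARKERS = ("g-recaptcha", "h-captcha", "i'm not a robot")
BRAND_MARKERS = ("office 365", "microsoft")


class _PageFacts(HTMLParser):
    """Collects the two facts the verdict needs: password inputs and page text."""

    def __init__(self):
        super().__init__()
        self.has_password_field = False
        self.text = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password_field = True
        # Widget class names carry the CAPTCHA marker, so keep them as text too.
        self.text.append(attrs.get("class") or "")

    def handle_data(self, data):
        self.text.append(data)


def triage(url, html):
    """Return 'credential_lure', 'captcha_gate' or 'no_finding' for one fetched page."""
    facts = _PageFacts()
    facts.feed(html)
    body = " ".join(facts.text).lower()
    host = (urlsplit(url).hostname or "").lower()
    branded = any(m in body for m in BRAND_MARKERS)
    if facts.has_password_field and branded and host not in TRUSTED_LOGIN_HOSTS:
        return "credential_lure"
    if any(m in body for m in CAPTCHA_MARKERS):
        # The crawler never saw the real content: unresolved, not clean.
        return "captcha_gate"
    return "no_finding"


# Constructed sample pages (not captured from the campaign).
GATE = '<div class="g-recaptcha"></div><p>I\'m not a robot</p>'
LURE = '<h1>Sign in to Office 365</h1><form><input type="Password" name="p"></form>'
```

A `captcha_gate` verdict is the case to route to manual or sandboxed browser review; the host comparison is what separates a branded sign-in form on an unknown domain from the real one.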

3- How to Prevent the Phishing Attack Using CAPTCHAs

Phishing attacks involve seizing personal information, online passwords, banking details, or money using various techniques. Generally, criminals employ an email, SMS, phone call, or even a fake website that looks legitimate to attack their targets.

A. Apply Information Security Awareness Training

By training your employees using the best cyber security training programs, you can minimize the risks of email attacks such as phishing attacks and malicious software attacks that pose a significant danger to your email security. By training your employees on how to discover suspicious emails and fake web pages, you will increase your employees' level of cyber security awareness about phishing attacks.

Email security needs multilayered cyber security solutions for protection. Keepnet Labs’ security awareness training solutions help you to meet these needs. Keepnet provides HTML5 security training and animation training videos in many languages, posters, screensavers, cyber security newsletters, phishing security tips, and gamified security awareness training, which help your employees to identify and report phishing attacks, improve their cybersecurity awareness level, and generate automatic reports on their progress.

B. Simulated Phishing Tests for Phishing Attack Using CAPTCHAs

Keepnet Labs Phishing Simulation software offers more than 750 phishing email templates in many languages.

Also, it is possible to customize phishing emails and phishing URLs for your organization. After you send the phishing email campaigns to your employees, you can test your employees’ awareness of phishing emails and make your users aware of what phishing emails look like and what they should verify on fake emails and websites.

Finally, it is possible to review the phishing campaign results in the report with real-time statistics like how many people opened the phishing email, clicked on the fake link, and shared their information.

Protect yourself against Office 365 Phishing Attack Using CAPTCHAs by utilizing Keepnet anti-phishing solutions.

“This post is originally published at www.keepnetlabs.com”
