reCaptcha Credential Phishing Campaigns
NJCCIC Alert
Original Release Date: 5/8/2020
Summary
Barracuda researchers discovered multiple email credential phishing campaigns using real reCaptcha walls to evade detection by email security systems. Threat actors easily trick their target with a phishing email containing an HTML attachment that, if clicked, directs them to a reCaptcha wall, giving the familiar appearance that the page is legitimate and secure. However, once the reCaptcha is solved, users are redirected to a spoofed Microsoft login page. If credentials are entered, they are sent to the threat actors in the background.
Recommendations
The NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to avoid clicking links or opening attachments in emails from unknown senders, and exercise caution with emails from known senders. If you are unsure of an email’s legitimacy, contact the sender via a separate means of communication. We also recommend only entering account credentials into websites navigated to directly, not via links delivered in emails. Users are advised to run updated anti-virus/anti-malware programs on all devices and enable multi-factor authentication where available to prevent account compromise as a result of credential theft. Please review the Barracuda blog and Cyware article for more information.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.