Google’s reCAPTCHA Is Being Used To Hide Phishing Pages

An anonymous reader quotes Infosecurity magazine: New research from Barracuda Networks has revealed that cyber-criminals are increasingly using official reCAPTCHA walls to disguise malicious content from email security systems and trick unsuspecting users… [S]ophisticated scammers are beginning to use the Google-owned service to prevent automated URL analysis systems from accessing the actual content of phishing pages, and to make phishing sites more believable in the eyes of the victim, Barracuda Networks warned.

In fact, the security solutions provider observed a single phishing campaign that sent out 128,000 emails to a variety of organizations and employees using reCAPTCHA walls to conceal fake Microsoft log-in pages. This campaign used the lure of a voicemail receipt to fool users into solving the reCAPTCHA wall before being redirected to the malicious page, with any log-in info entered then sent straight to the scammers.