We’ve all seen reCaptcha grids asking us to identify traffic signals, motorcycles and crosswalks, right?
Cyber criminals are taking their activities to the next level by adding malicious, fake or cloned captcha walls to phony websites. In some instances, nearly 128,000 to be exact, hackers have actually deployed real captcha walls, of the variety owned by Google via the reCaptcha tool, on their sites.
The reason behind why “…those who would steal your credentials have turned to using the real reCaptcha rather than a mocked-up clone, is that it [reCaptcha] makes it difficult for automated link analysis systems to access the [site’s] content…,” meaning that hackers are less likely to be spotted by intelligence companies or authorities.
Users should know that the presence of reCaptcha on a site doesn’t necessarily mean that the site is safe. Awareness is critical, and users should take additional caution in instances where a reCaptcha grid appears infront a login that’s never had a reCaptcha infront of it previously.
To evaluate the validity of a site, you might be inclined to examine the URL. But these days, hackers can use homoglyphs to make fake URLs appear nearly identical to their authentic parallels. Beware of this within phishing emails as well.
Mitigating all of these threats requires awareness, education and strong cyber security safeguards. For more on this story, visit Forbes.