Researchers are warning of an ongoing Office 365 credential-phishing attack that’s targeting the hospitality industry – and using visual CAPTCHAs to avoid detection and appear legitimate.

CAPTCHAs – commonly used by websites like LinkedIn and Google – are a type of challenge-response test used to determine whether the user is human, for example by asking them to click the parts of an image grid that show a specific object. Cybercriminals have previously used CAPTCHAs for three reasons: to defeat automated crawling systems, to ensure that a human (rather than a URL scanner or sandbox) is interacting with the page, and to make the phishing landing page appear legitimate. The evasion works because an automated scanner that cannot solve the challenge never reaches the credential form behind it; all it sees is a harmless-looking verification page.

Though the use of CAPTCHAs in phishing attacks is nothing groundbreaking, this attack shows that the technique works – so much so that the attackers in this campaign put targets through three different CAPTCHA checks before finally bringing them to the phishing landing page, which poses as a Microsoft Office 365 login page.

“Two important things are happening here,” said researchers with Menlo Security, in a post this week. “The first is that the user is made to think that this is a legitimate site, because their cognitive bias has trained them to believe that checks like these appear only on benign websites. The second thing this strategy does is to defeat automated crawling systems attempting to identify phishing attacks.”

Menlo Security’s Director of Security Research, Vinay Pidathala, told Threatpost that researchers are unsure of how many users were specifically targeted; however, the industries targeted by this campaign were primarily technology, insurance, and finance and banking.

The multiple CAPTCHAs serve as backups, in case the first one gets defeated by automated systems, said researchers.

In the first CAPTCHA check, targets are simply asked to check a box that says “I’m not a robot.”

After that, they are taken to a second CAPTCHA that requires them to select, for instance, all the picture tiles that show bicycles, followed by a third CAPTCHA asking them to identify, say, all the pictures that show a crosswalk. The attackers also do not reuse the same CAPTCHAs: researchers said that during their testing they came across at least four different images.

Finally, after passing all these checks, the target is taken to the final landing page, which impersonates an Office 365 log-in page, in an attempt to steal the victims’ credentials.
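The defensive consequence of the chain described above is that a crawler or URL scanner which stops at the first CAPTCHA never sees the Office 365 form, so a page that consists of nothing but a CAPTCHA gate on an unfamiliar host should be escalated (to an analyst or an isolated browser session) rather than marked clean. The triage below is an added example written for this page, not code from Menlo Security, Threatpost or Microsoft. The three HTML pages, the `verify-docs.example` and `collector.example` hosts, the Microsoft login allow-list, the brand keywords and the 40-word content threshold are all constructed assumptions for the demonstration.

```python
"""Heuristic triage for crawled phishing landing pages (added example).

Models the campaign above: a crawler cannot solve the CAPTCHA, so a page
that is *only* a CAPTCHA gate is itself a signal, and a page carrying a
password field plus Microsoft branding on a non-Microsoft host is a
credential-phishing form. All sample pages and hosts are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts that may legitimately serve a Microsoft sign-in form.
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
BRAND_WORDS = ("microsoft", "office 365", "outlook", "onedrive")
CAPTCHA_HINTS = ("g-recaptcha", "h-captcha", "recaptcha/api.js", "hcaptcha.com")
MIN_CONTENT_WORDS = 40  # assumption: a bare gate page has almost no visible text


class PageFeatures(HTMLParser):
    """Extracts the few features the heuristics need from raw HTML."""

    def __init__(self):
        super().__init__()
        self.has_captcha = False
        self.password_fields = 0
        self.form_actions = []
        self.words = []
        self._skip = 0  # depth inside <script>/<style>, whose text is not visible

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1
        # Look for CAPTCHA widgets (class names) or CAPTCHA script includes (src).
        blob = " ".join(f"{k}={v}" for k, v in a.items() if v).lower()
        if any(hint in blob for hint in CAPTCHA_HINTS):
            self.has_captcha = True
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1
        if tag == "form":
            self.form_actions.append(a.get("action") or "")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.words.extend(data.split())


def analyze(url, html):
    """Classify one crawled page as captcha_gate, credential_phish or benign."""
    f = PageFeatures()
    f.feed(html)
    host = urlparse(url).hostname or ""
    text = " ".join(f.words).lower()
    brand_lure = any(b in text for b in BRAND_WORDS)
    first_party = host in MICROSOFT_LOGIN_HOSTS
    # A form that posts credentials to a different host than the page itself.
    off_host_post = any(
        urlparse(act).hostname not in (None, host) for act in f.form_actions
    )

    if f.password_fields and brand_lure and not first_party:
        verdict = "credential_phish"
    elif f.has_captcha and not f.password_fields and len(f.words) < MIN_CONTENT_WORDS:
        # The crawler is stuck at the gate: do not mark the URL clean, escalate it.
        verdict = "captcha_gate"
    else:
        verdict = "benign"
    return {
        "host": host, "captcha": f.has_captcha, "password_fields": f.password_fields,
        "brand_lure": brand_lure, "off_host_post": off_host_post,
        "visible_words": len(f.words), "verdict": verdict,
    }


# Constructed sample pages: the first CAPTCHA gate, the final Office 365 lure,
# and a legitimate contact page that also happens to carry a CAPTCHA.
GATE_PAGE = """<html><head><title>Verify</title>
<script src="https://www.google.com/recaptcha/api.js" async defer></script></head>
<body><form action="/step2" method="post">
<div class="g-recaptcha" data-sitekey="EXAMPLE_SITEKEY"></div>
<input type="submit" value="Continue"></form></body></html>"""

LOGIN_PAGE = """<html><body><h1>Sign in to your Microsoft account</h1>
<p>Use your Office 365 credentials to view the shared document.</p>
<form action="https://collector.example/post.php" method="post">
<input type="email" name="user"><input type="password" name="pass">
<input type="submit" value="Sign in"></form></body></html>"""

BENIGN_PAGE = ("<html><body><h1>Contact us</h1><p>"
               + "Thanks for reading our hotel booking tips. " * 12
               + """</p><form action="/contact" method="post"><textarea name="msg"></textarea>
<div class="g-recaptcha" data-sitekey="EXAMPLE_SITEKEY"></div></form></body></html>""")

if __name__ == "__main__":
    for url, page in (("https://verify-docs.example/step1", GATE_PAGE),
                      ("https://verify-docs.example/login", LOGIN_PAGE),
                      ("https://hotel.example/contact", BENIGN_PAGE)):
        print(url, analyze(url, page)["verdict"])
```

The `captcha_gate` verdict is deliberately not "clean": the rule fires only when the CAPTCHA is the page's entire content, which is exactly what a scanner sees when it cannot pass the first of the three checks. A real pipeline would hand such URLs to a human or an isolated browser that can complete the challenge and re-run `analyze` on what lies behind it, where the `credential_phish` rule (password field, Microsoft branding, non-Microsoft host, and here also a form posting off-host) catches the final landing page.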


Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs