You can tell hackers are clever when they start to use the things you trust the most to exploit you.
If you spend any time on the internet then surely you have encountered reCAPTCHA. reCAPTCHA, a system designed to establish that a computer user is human, was developed by engineers as Carnegie Mellon University and later acquired by Google.
Today, reCAPTCHA uses image verification by asking users to click on specific checkboxes. The system then verifies whether the user is a human or not behind the scenes. And wouldn’t you know it, hackers are now using reCAPTCHA to phish victims.
Luke Leal, from website security firm Sucuri, says there were some ways to identify the reCAPTCHA as fraudulent. “This page does a decent job at replicating the look of Google’s reCAPTCHA, but since it relies on static elements, the images will always be the same unless the malicious PHP file’s coding is changed. It also doesn’t support audio replay, unlike the real version. On the surface, however, the replica is very convincing.”
Phishing attacks at their core are not about technology. They’re about social engineering. They’re about taking advantage of human tendencies. So, whether it’s trying to get you to wipe a hair off your screen, or using deceptive links or tricking you while you read the morning news, hackers will never stop exploiting human nature.
Preventing phishing by expecting humans to not be human is asking a lot. Phishing attacks may be about manipulating human behavior, but to stop phishing attacks one requires anti-phishing technology. Learn how PhishProtection’s Advanced Threat Defense can keep your humans from being phished.