Cyberattackers targeting the hospitality industry were recently observed using a phishing page that featured CAPTCHA technology as a way to elude detection, as well as to give potential victims a false sense of security that the malicious site was legit.
The scam was revealed yesterday in a blog post from Menlo Security – the latest in a string of reports this year from security companies that have warned of this social engineering and evasion technique. Fortunately, experts say that phishing-site CAPTCHAs sometimes offer visitors – especially attentive ones who are trained in security awareness – certain visual and contextual clues that something is amiss.
A CAPTCHA (sometimes referred to as a reCAPTCHA – a version developed by Google) is a test placed on websites to determine whether a visitor is a genuine human or an unwanted bot. Generally, users are asked to check a box or click on a series of images that contain a specified object, like a traffic light or bicycle.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
-
News analysis
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
-
Archives
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
-
Daily Newswire
SC Media’s essential morning briefing for cybersecurity professionals.
-
Learning Express
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.