Cyberattackers targeting the hospitality industry were recently observed using a phishing page that featured CAPTCHA technology as a way to elude detection, as well as to give potential victims a false sense of security that the malicious site was legit.

The scam was revealed yesterday in a blog post from Menlo Security – the latest in a string of reports this year from security companies that have warned of this social engineering and evasion technique. Fortunately, experts say that phishing-site CAPTCHAs sometimes offer visitors – especially attentive ones who are trained in security awareness – certain visual and contextual clues that something is amiss.

A CAPTCHA (sometimes referred to as a reCAPTCHA – a version developed by Google) is a test placed on websites to determine whether a visitor is a genuine human or an unwanted bot. Generally, users are asked to check a box or click on a series of images that contain a specified object, like a traffic light or bicycle.
