Scammers Target Microsoft Users with Google reCAPTCHA Phishing Attacks

Written by on 10-03-2021

Phishing itself is an old tactic, but in December 2020 researchers discovered a new campaign aimed at Microsoft users: the scammers hide their lure behind a reasonably legitimate-looking Google reCAPTCHA page and then direct victims to landing pages on cheap top-level domains to steal their credentials.

Over the past three months, at least 2,500 such phishing emails were reportedly sent to senior-level employees in the banking and IT sectors; the attempts were unsuccessful because they were blocked by the Zscaler cloud, according to researchers. The scammers targeted people with the titles Vice President and Managing Director, whose accounts would give access to valuable company assets. Researchers found that each recipient receives an email leading to a fake Google reCAPTCHA page; once the victim passes the reCAPTCHA test, they are directed to a phishing landing page that requests Office 365 credentials.


(Image credit: Zscaler)

The automated phishing emails are disguised as coming from the victim's unified communications tools and carry an attached file that pretends to be a voicemail message. Once the attachment is opened, a fake reCAPTCHA appears on screen with a checkbox labelled "I'm not a robot". After the reCAPTCHA test, the victim is directed to a Microsoft login screen that looks like a legitimate page, complete with a valid-looking logo, deceiving them into entering their credentials.

(Image credit: Zscaler)

(Image credit: Zscaler)

The scammers host their pages on cheap top-level domains such as .xyz, .club and .online. Because domains there can be registered for very little, the scammers can stand up convincing-looking sites at low cost, which helps them trick victims into believing the phishing pages are real.
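A defender-side triage check for the pattern described above (voicemail-themed attachment, reCAPTCHA lure wording, link to a page on a cheap TLD, senior-level recipient), as an added example that is not Zscaler's or the article's own code; the scoring weights, the threshold and the sample messages are assumptions.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the campaign description above; the weights are assumptions.
CHEAP_TLDS = {"xyz", "club", "online"}          # TLDs named in the article
VOICEMAIL_RE = re.compile(r"voice ?(mail|msg|message)", re.I)
LURE_RE = re.compile(r"recaptcha|not a robot|office ?365|microsoft", re.I)
SENIOR_TITLES = {"vice president", "managing director"}

def score_message(msg):
    """Score one message dict (keys: id, attachment, body, urls, recipient_title).
    Returns (score, reasons); a higher score means a closer match to the pattern."""
    score, reasons = 0, []
    if VOICEMAIL_RE.search(msg.get("attachment", "")):
        score += 2
        reasons.append("voicemail-themed attachment")
    for url in msg.get("urls", []):
        host = (urlparse(url).hostname or "").lower()
        tld = host.rsplit(".", 1)[-1]
        if tld in CHEAP_TLDS:
            score += 2
            reasons.append(f"link to cheap TLD .{tld} ({host})")
    if LURE_RE.search(msg.get("body", "")):
        score += 1
        reasons.append("reCAPTCHA/login lure wording in body")
    if msg.get("recipient_title", "").lower() in SENIOR_TITLES:
        score += 1
        reasons.append("senior-level recipient")
    return score, reasons

def triage(messages, threshold=4):
    """Return the ids of messages whose score reaches the (assumed) threshold."""
    return [m["id"] for m in messages if score_message(m)[0] >= threshold]

# Constructed sample messages; hostnames are placeholders, not real indicators.
SAMPLE_MESSAGES = [
    {"id": "msg-1", "attachment": "voicemail_0312.html",
     "body": "New voice message. Confirm you are not a robot to listen.",
     "urls": ["https://login-verify.example.xyz/recaptcha"],
     "recipient_title": "Vice President"},
    {"id": "msg-2", "attachment": "Q3_report.pdf",
     "body": "Attached is the Q3 report for review.",
     "urls": ["https://intranet.example.com/reports"],
     "recipient_title": "Analyst"},
    {"id": "msg-3", "attachment": "invoice.html",
     "body": "Please settle the attached invoice.",
     "urls": ["https://billing.example.club/pay"],
     "recipient_title": "Managing Director"},
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m["id"], *score_message(m))
    print("flagged:", triage(SAMPLE_MESSAGES))  # flagged: ['msg-1']
```

Only msg-1 combines all four indicators; msg-3 hits the cheap TLD and a senior title but stays below the threshold, which is the kind of borderline case a reviewer would still want surfaced in a lower-priority queue.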