"Phishing Attack Uses Fake Google reCAPTCHA"

A new report by the security firm Zscaler reveals the use of a fake Google reCAPTCHA system in a Microsoft-themed phishing campaign aimed at stealing credentials mainly from senior-level employees in the banking sector. The company said that it has blocked over 2,500 phishing emails tied to the campaign. According to Zscaler's threat research team, ThreatLabZ, the campaign has been active since December 2020. The phishing emails appear to be automated emails sent from a unified communications system used for facilitating corporate communication. These emails contain malicious HTML attachments that redirect victims to a phishing domain disguised as a legitimate Google reCAPTCHA page. Once the reCAPTCHA is verified, victims are sent to a fake Microsoft login phishing page to enter their login credentials. This article continues to discuss findings surrounding the phishing attacks involving the use of a fake Google reCAPTCHA system.  

Device Security reports "Phishing Attack Uses Fake Google reCAPTCHA"