Don’t Be Fooled by the Enemy: Hackers Now Using CAPTCHA To Bypass Standard Email Protection

As hackers get more and more sophisticated, there are a variety of added security measures to ensure you aren’t being phished into giving private information to the enemy. But what happens when the enemy starts to use these protection tools in their favor? Precious information is easily handed right to the hacker while you are none the wiser. 

Hackers have started to use CAPTCHA tools to fool and slip past standard email protections, leaving you vulnerable. AZCOMP Technologies has a team of bleeding-edge cybersecurity agents who are equipped to block even the most convincing of phishing emails. 

What Is CAPTCHA and Why Is It Important

CAPTCHA, which stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart, is a security tool utilized on websites to distinguish between human users and automated bots. It typically presents users with a challenge, such as typing distorted characters or selecting specific images, that is easy for humans to solve but difficult for bots to decipher. 

CAPTCHA is useful for preventing automated bots from performing malicious activities such as spamming, brute force attacks, or unauthorized access to online services. By implementing CAPTCHA, websites can ensure a higher level of security and protect their users’ data and privacy from potential cyber threats.

But what happens when the hackers start using this anti-phishing tool to appear more authentic and legitimate? Unfortunately, AZCOMP Technologies has seen an increase in elaborate scams where CAPTCHA is being used to confuse standard email protection platforms into passing them along as permissible. Because it cannot proceed past a CAPTCHA tool, standard email protection is unable to fully vet the embedded links of the email, but AZCOMP Technologies is among the few who can effectively recognize and block this type of attack. 

How do we know this? Because our state-of-the-art tools, resources and people are effectively blocking these cyber-attacks for our clients.

Real-Life Trends AZCOMP Technologies Is Thwarting

Cybercriminals use two main strategies to hack into businesses or into people’s computers. The first strategy is to use tactics that are old and proven to work. The second strategy is to develop new tactics. If you are using free or cheap cybersecurity tools to protect your business, it is these new cybersecurity tactics, like using CAPTCHA to hide a malicious site, that your defenses don’t stand a chance against. 

Because AZCOMP Technologies is using state-of-the-art security tools, and because our engineers spend time getting trained on cybersecurity, we are able to identify and block these types of attacks. 

Be leery of free or cheap cybersecurity tools. They may do a decent job at protecting you from the easy stuff but will not protect you from more complicated cyber-attacks. Also be leery of IT support providers that are providing you with free or cheap security tools. These IT providers don’t see the value in adopting cutting-edge security tools and therefore will have a harder time protecting your business from complicated cyber-attacks. 

The Details On This CAPTCHA Cyber-Attack

If you’d like the details of this specific email phishing attack, we’ll lay it out for you here.

Somehow, hackers gained access to the email account of Victim #1. The hackers then sent an email from Victim #1’s email address to new potential victims. Because these emails were actually coming from Victim #1’s email account, they appeared to be legitimate. 

However, the email sent from Victim #1 to Victim #2 contains no words, only a large screenshot or image. This fools email security systems, since they can’t read the words within the image. See Figure 1 for an example of an email flagged as “trusted” while using an image to convey a message rather than text. 

Figure 1:

The hackers attached a hyperlink to the image. If Victim #2 clicks anywhere within the image, they will be redirected to a malicious URL. This is where it gets even more convoluted and sophisticated. In an attempt to appear legitimate, the malicious URL uses CAPTCHA software to verify that Victim #2 is human. The challenge may be selecting specific images, copying distorted text, or simply checking a box to confirm that you are human, as in Figure 2.

Figure 2:

The malicious website is hiding behind the CAPTCHA tool. This means that, without verifying you are human, you cannot proceed past the CAPTCHA page. Standard and run-of-the-mill email protection systems aren’t human, so they technically can’t pass the test and further analyze the authenticity of the URL or determine if it is malicious. Because standard email protections cannot verify what’s past the CAPTCHA tool, the malicious site is never detected and the email is often deemed clean. 
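Since a scanner cannot see past the CAPTCHA, a filter can instead flag the message structure described above: an HTML body that is a clickable image with almost no readable text. The following Python sketch is an added example, not AZCOMP's tooling; the function names, the 40-character threshold and the sample messages are assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

class BodyScan(HTMLParser):
    """Counts visible text and records links that wrap an <img>."""
    def __init__(self):
        super().__init__()
        self.text_chars, self.image_links = 0, []
        self._href, self._skip = None, 0  # current <a> href; <style>/<script> depth

    def handle_starttag(self, tag, attrs):
        if tag in ("style", "script"):
            self._skip += 1
        elif tag == "a":
            self._href = dict(attrs).get("href")
        elif tag == "img" and self._href:
            self.image_links.append(self._href)

    def handle_endtag(self, tag):
        if tag in ("style", "script") and self._skip:
            self._skip -= 1
        elif tag == "a":
            self._href = None

    def handle_data(self, data):
        if not self._skip:  # ignore CSS and script source
            self.text_chars += len("".join(data.split()))

def image_only_links(raw_message, max_text_chars=40):
    """Return link targets when the HTML body is a clickable image with
    almost no readable text (threshold is an assumption); otherwise []."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    if part is None:  # no HTML body to inspect
        return []
    scan = BodyScan()
    scan.feed(part.get_content())
    scan.close()
    if scan.image_links and scan.text_chars <= max_text_chars:
        return scan.image_links
    return []

# Constructed sample messages (not taken from the incident described here).
HEADERS = ("From: a@example.com\nTo: b@example.com\nMIME-Version: 1.0\n"
           "Content-Type: text/html; charset=utf-8\n\n")
IMAGE_ONLY = HEADERS + ('<html><body><a href="https://landing.example/x">'
                        '<img src="cid:shot"></a></body></html>')
NORMAL = HEADERS + ('<html><body><p>Hi, the quarterly report is attached; '
                    'call me with any questions.</p><a href="https://www.example.com">'
                    '<img src="cid:logo"></a></body></html>')
```

A hit means the message deserves closer inspection, for example in an isolated environment, since ordinary newsletters can also consist of a single linked image.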

Victim #2 has now verified that they are human through the CAPTCHA tool and the hackers have effectively trapped them. Figure 3 shows a real-life example of a malicious website that appeared after Victim #2 verified they were human on the CAPTCHA page. On the surface, the page looks like a legit Microsoft Office 365 login site, but if you look closely, you can see the URL isn’t Microsoft at all, but interface.com. If Victim #2 proceeds to log in to the malicious website that appears to be authentic, they are freely giving their login credentials over to the hackers while successfully logging in to whatever website they believed they were using, in this case Microsoft Office.

Figure 3:

With our security tools and our trained engineers, we were able to identify that this email had the potential to be bad before anything bad happened. We then took this email into an isolated and safe environment where we could click all the links and see everything associated with this malicious email, but without anything bad happening. This is how we were able to confirm that this email was bad, and learn how the hacker used CAPTCHA to hide their evil plans.

AZCOMP Technologies has cybersecurity agents and bleeding-edge technology that allow us to identify this type of phishing attack and stop it in its tracks, protecting you and your business. Schedule your technology assessment with AZCOMP Technologies today to get your business the protection it needs.