Are you tired of all those websites that, before giving you access, make you do a math problem, interpret wavy and blurry numbers and letters, or look at pictures to see which ones have a stoplight, motorcycle or school bus, all to find out if you’re a robot? I know, me too. It’s really annoying. I’m not a robot!
Cyberattackers are using Google’s reCAPTCHA function, also known as the “I am not a robot” function, and other CAPTCHA-like services to make their phishing schemes appear more legitimate. CAPTCHAs are familiar to the general public, but what you may not know is that they prevent security crawlers from detecting malicious content and add a legitimate look to phishing login pages.
Over the past month the security team at Palo Alto Networks detected over 500 new CAPTCHA-protected phishing websites per day. This scam is on the rise and you’re likely to see one in your inbox soon. What can you do?
1) Check the sender
Phishing emails typically come from a compromised email account, or from a free service like Gmail, Yahoo or Outlook.com. That’s your first sign that it’s an email from a scammer.
2) Check the URL
You can hover your mouse over a link embedded in an email message, or tap and hold it on your phone, to see where the link goes. If the website URL doesn’t match the sender’s or company’s domain name, that’s a big red flag that someone is trying to trick you.
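Here is how those two checks could look when run automatically over a message. This is an added example, not part of the original post; the `company_domain` parameter, the function names and the sample message (with every address and domain in it) are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}  # services named in tip 1

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def same_site(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_email(raw, company_domain):
    """Return (check, detail) findings for the sender and URL checks."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    if sender_domain in FREE_MAIL:
        findings.append(("free-mail sender", sender_domain))
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        url = urlsplit(href)
        host = url.hostname or ""
        if url.scheme in ("http", "https") and not same_site(host, company_domain):
            findings.append(("link domain mismatch", host))
    return findings

# Constructed sample message; every address and domain in it is made up.
SAMPLE = """\
From: "Example Bank" <constructed-sample@gmail.com>
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<p><a href="https://examplebank.test.verify-check.example/captcha">Verify</a>
or read the <a href="https://www.examplebank.test/help">help page</a>.</p>
"""
print(check_email(SAMPLE, "examplebank.test"))
```

The first link is flagged even though it starts with the company’s name, because the comparison looks at how the host name ends rather than whether the name appears somewhere inside it.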
Hopefully these tips help you identify suspicious and phishing emails. After all, we’re not robots, right? Stay safe out there.