CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. CAPTCHAs are used to distinguish real users from automated clients such as bots. They generate challenges that are difficult for computers to solve but relatively easy for humans, most commonly asking the user to identify a particular class of objects in a set of images, or the numbers and letters in a distorted image.
Phishing campaigns have been using CAPTCHAs for two purposes. First, phishing pages and content placed behind a CAPTCHA are shielded from automated crawlers and the detection systems that depend on them, since the crawler never reaches the content. Second, a CAPTCHA on a phishing page lends the site an air of legitimacy, so victims who reach the phishing URL are more likely to trust it and to divulge sensitive information or download malicious content.
Phishing campaigns targeting Microsoft Outlook, Apple and other login pages are rampant. Users see the following CAPTCHA when they visit the page.
After completing the CAPTCHA challenge, the user is directed to a phishing website for Outlook or Apple ID.
Multiple grayware campaign pages are also protected by CAPTCHA. Grayware pages are frequently used in survey and lottery scams: in exchange for a fake payment or a chance to win a lottery, the user is enticed to reveal sensitive information such as their address, date of birth and banking details.
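The crawler-evasion point above has a practical consequence for anyone scanning URLs: a fetch that returns only a CAPTCHA widget has seen none of the page's real content and must not be scored as benign. The following is an added example, not code from the original article, of a small heuristic classifier that separates a bare CAPTCHA interstitial (as in the redirect-after-solve campaigns described) from a CAPTCHA sitting beside a credential form; the widget markers, the 200-character threshold and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Markers of common CAPTCHA widgets (class names, script hosts); illustrative, not exhaustive.
CAPTCHA_MARKERS = ("g-recaptcha", "h-captcha", "recaptcha/api.js", "hcaptcha.com", "cf-turnstile")
CREDENTIAL_HINTS = ("password", "passwd", "pin", "ssn", "cardnumber", "cvv")


class PageScanner(HTMLParser):
    """Collects CAPTCHA markers, credential-style inputs and the amount of visible text."""

    def __init__(self):
        super().__init__()
        self.captcha, self.credential_fields, self.text_chars = False, [], 0
        self._skip = False  # inside <script>/<style>, whose text is not visible

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if any(m in " ".join(a.values()).lower() for m in CAPTCHA_MARKERS):
            self.captcha = True
        if tag == "input":
            name = (a.get("name", "") + " " + a.get("id", "")).lower()
            if a.get("type", "").lower() == "password" or any(h in name for h in CREDENTIAL_HINTS):
                self.credential_fields.append(a.get("name") or "password")
        if tag in ("script", "style"):
            self._skip = True

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = False

    def handle_data(self, data):
        if not self._skip:
            self.text_chars += len(data.strip())


def scan_html(html, min_visible_chars=200):
    """Classify a fetched page; min_visible_chars (assumed) separates an interstitial from a content page."""
    p = PageScanner()
    p.feed(html)
    if p.captcha and p.credential_fields:
        verdict = "captcha-gated credential form"
    elif p.captcha and p.text_chars < min_visible_chars:
        verdict = "captcha interstitial"  # crawler saw no content: do not mark benign, queue a rendered fetch
    elif p.captcha:
        verdict = "captcha on content page"
    else:
        verdict = "no captcha"
    return {"verdict": verdict, "credential_fields": p.credential_fields, "visible_chars": p.text_chars}


# Constructed sample pages (not captured from any real campaign); site keys are placeholders.
INTERSTITIAL = """<html><head><script src="https://www.google.com/recaptcha/api.js"></script></head>
<body><form method="post" action="/verify"><div class="g-recaptcha" data-sitekey="PLACEHOLDER"></div>
<button>Continue</button></form></body></html>"""
GATED_LOGIN = """<html><body><p>Sign in to continue</p><form method="post" action="/login">
<input type="email" name="user"><input type="password" name="pass">
<div class="h-captcha" data-sitekey="PLACEHOLDER"></div><button>Sign in</button></form></body></html>"""
PLAIN = "<html><body><p>" + "Product documentation. " * 20 + "</p></body></html>"
```

Run `scan_html` over each sample to see the three verdicts; an "interstitial" result is the case where a URL scanner should re-fetch with a browser or hand the URL to an analyst rather than close it as clean.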