Blog Post

Security Alert - Fake Google reCAPTCHA Phishing Attack Targets Office 365 Passwords

Simplify IT • 10 March 2021

Are you a Robot after all? Don't lower you guard to a bogus Google reCAPTCHA system

Microsoft 365 users are the target of particularly devious phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers are hiding their efforts behind - at first glance at least - a seemingly legitimate but completely fake Google reCAPTCHA system and top-level domain landing pages that in many cases include the logos of the victims’ companies.


The emails first take users to a fake Google reCAPTCHA system page. Google reCAPTCHA as you may know is a security measure that is designed to protect websites from spam and abuse, by using a test to make sure you're human. You may be asked to click on the image segments that include traffic lights or trees for example.


In this case though, once victims “pass” the reCAPTCHA test, they are then redirected to a phishing landing page, which asks for their Office 365 credentials. Uh oh.


What's more, this attack is aimed at senior or C-Level job titles (Vice President, CEO, Managing Director etc) who are the most likely to have access to the most sensitive company data. Once they're in, well, you get the picture. So what can you do?

Generic Microsoft branded login page - easy to fake

Branded login page, not so easy to fake - but not impossible

As you can see in the images above, using your own branded login page is a good idea. This makes it harder for nefarious actors to spoof your login page and get you to enter your credentials, because this is dynamically loaded, based on some unique session keys and is always inside an SSL tunnel it’s quite difficult to intercept and fake as you’d have to fake a lot more. So difficult to spoof and well worth the effort to do, but it's not 100% proof,.


So what else can you do?

Using DUO from Cisco, you can protect your Data even if these attackers managed to grab your credentials. This is because it uses multi factor authentication that can defeat any attack. So, to recap...


Brand your login page - Deploy DUO from Cisco.


This is what Simplify IT recommends in response to these attacks. Its always best to be vigilant but its better still to ensure the security of your data should you let your guard down.

Hey, we're all
human.

If you would like more information on DUO and how to protect your business, get in touch

Contact Us
Share by: