Google reCAPTCHA misused to obtain M365 credentials | cyberprotection operation center news

A personalized phishing campaign went after 2,500 senior managers. A successful compromise could lead to data leaks or future CEO fraud attacks. 42% of the targets were in the financial and IT sector. The phishing site used a Google reCAPTCHA as a distraction, before ending up at an Office 365 phishing websites which also included the logo of the victims company. The use of reCAPTCHA can hinder automated detection. The Cyber Protection Operation Center (CPOC) blocked nearly 700,000 malicious web requests in February, that’s an increase of 37% compared to January. The URL filtering in Acronis Cyber Protect Cloud prevents users from ending up at phishing websites, even if they click on the link.