Surge in Phishing Attacks Using Legitimate reCAPTCHA Walls

Cyber scammers are starting to use legitimate reCAPTCHA walls to disguise malicious content from email security systems, Barracuda Networks has observed. The reCAPTCHA walls prevent email security systems from blocking phishing attacks and make the phishing site more believable in the eyes of the user.

reCAPTCHA walls are typically used to verify human users before allowing access to web content, thus sophisticated scammers are starting to use the Google-owned service to prevent automated URL analysis systems from accessing the actual content of phishing pages.

Book a demo today to see GlobalDots is action.

Optimize cloud costs, control spend, and automate for deeper insights and efficiency.

Book a demo today to see GlobalDots is action.

Researchers observed that one email credential phishing campaign had sent out more than 128,000 emails to various organizations and employees using reCAPTCHA walls to conceal fake Microsoft login pages. The phishing emails used in this campaign claim that the user has received a voicemail message.

Once the user solves the reCAPTCHA in this campaign, they are redirected to the actual phishing page, which spoofs the appearance of a common Microsoft login page. Unsuspecting users will be unaware that any login information they enter will be sent straight to the cyber scammers, who will likely use this information to hack into the real Microsoft account.

Read more: Help Net Security

Latest Articles

Gaming Company SuperPlay Reduces ElastiCache TCO with Strategic Optimization

About the Customer: SuperPlay is a leading Israeli gaming company that develops and publishes mobile games for a global audience. The company specializes in creating engaging social casino and casual gaming experiences, reaching millions of players worldwide. As a technology-driven gaming company, SuperPlay relies on robust cloud infrastructure to deliver seamless gaming experiences to their […]

Itay Tal
1st July, 2025
What is an API Security Audit?

 In January 2024, a misconfigured API exposed 650,000 private messages. These included passwords and internal communications. No exploit chain. No zero-day. Just a public-facing endpoint with no authentication. This wasn’t an isolated incident. From T-Mobile and Twitter (now X) to Kronos Research and the US Treasury, attackers have consistently used APIs as entry points. They […]

Ganesh The Awesome
26th June, 2025
The Ultimate API Security Checklist for 2025

APIs are now the top attack vector in enterprise apps. In 2024 alone, breaches tied to APIs cost an average of $4.88 million, and that number is rising fast. Attackers exploit gaps in API authentication, input validation, and outdated endpoints to compromise systems. Legacy controls no longer suffice, and the OWASP API Top 10 outlines […]

Ganesh The Awesome
26th June, 2025
10 API Security Best Practices for 2025

APIs are the backbone of today’s interconnected software. They power everything from mobile apps and SaaS platforms to internal microservices and partner integrations. But their rapid growth has left many security teams flat-footed. In 2025, many attackers prefer to exploit API misconfigurations hiding in plain sight. What used to be fringe cases (token leakage, zombie […]

Ganesh The Awesome
23rd June, 2025

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services