Cyber criminals will use whatever they can to trick us into taking the action they want us to. And that includes CAPTCHA.
You know, the bot that checks you’re not a bot. For example, when you’re logging in, you have to click all the pictures of the trucks, stop lights or crosswalks.
Now they’re being used to hide illegal websites that are copies of proper sites (such as your bank’s login page).
You can’t see the pages until you’ve passed the CAPTCHA. And because they’re hiding the content of the pages, security software looking for bad sites can’t detect anything malicious. This helps make the spoofed site look legitimate.
This is not a new ploy from cyber criminals, but it’s definitely growing. It’s estimated more than 500 new websites hiding behind CAPTCHA go online every day.
So how can you tell the genuine ones from the fakes?
Sometimes on fake CAPTCHA pages the images are always the same, rather than changing each time you visit the page.
Another good indicator that it’s a fake is that the audio replay function doesn’t work, unlike on a genuine CAPTCHA page.
Can we train your staff how to spot a dangerous web page? Give us a call at 317-497-5500.