On Cyren.com we use cookies to improve your user experience. By using this site, you consent to our use of cookies. Learn moreAccept and Close
Cyren.de nutzt Cookies um Ihnen den bestmöglichen Service zu bieten. Durch Ihren Besuch dieser Website stimmen Sie der Verwendung von Cookies zu. Mehr erfahrenAkzeptieren und Schließen
Exploiting CAPTCHA: The Latest Evasive Phishing Tactic
by Duncan Mills
The Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) has been used in commercial applications since the early 2000s. As its name suggests, it is a mechanism for ascertaining that a real, live human is performing an action at a web site. CAPTCHA is generated by distorting letters and numbers in such a way that a computer using OCR cannot resolve it. Typical applications were originally centered on authentication. For example, if you enter an incorrect password multiple times, you might be presented with a CAPTCHA to ensure that a bot is not attempting to brute force a login. Today there are other applications, such as preventing bots automatically posting good product reviews to falsify scores on review sites.
In the past week we've been receiving reports of different—but seemingly related—email malware campaigns targeting banks in both the US and Europe, specifically in the form of Excel Workbooks containing a malicious macro being sent as an attachment to emails. What's interesting is that even though the email themes used are varied, the attached bait documents are mostly similar.
The global gaming phenomenon Fortnite has a huge global user base – last reported in March at 250 million gamers – and the just-concluded Fortnite World Cup with its $30 million prize pool and an online viewing audience of over two million has certainly only added to its allure. Over 40 million Fortnite gamers competed in qualifying rounds to get one of the 100 coveted spots in the World Cup and a guaranteed $50,000 payout, plus a shot at the $3 million top prize (won by a 16-year old!). Given the size of the global player pool and the evident motivation to up one’s game, it comes as no surprise that cybercriminals are now targeting Fortnite users by leveraging their competitive zeal.
Do you keep seeing phishing emails getting through to users, and wish you could quantify how effective your email security is—or isn't? Email is the main vehicle for introducing malware into an organization, and is practically synonymous with phishing these days, so it is a sensible idea to get a grasp on whether your security is doing its job well or poorly — but lots of people don't. Here at Cyren we know how eye-opening such an evaluation can be, as the email security "gap analyses" that we performed for a series of organizations in 2018 showed that an average 7.2% of email protected by a number of email security products, but still reaching users, was spam or contained a threat.
by Tinna Thuridur Sigurdardottir and Magni Sigurdsson
Cyren’s research lab has turned up 5,334 new, unique phishing kits deployed to the web so far this year, an indication of the scope and scale of turn-key phishing offerings.
