Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords
A new phishing attack targeting Microsoft users has emerged, according to researchers. The phishing campaign seeks to steal Office 365 credentials by leveraging a fraudulent Google reCAPTCHA system. The operation appears to be sophisticated due to the reCAPTCHA ploy and top-level domain landing pages featuring the logos of the victims’ companies.
Researchers have discovered at least 2,500 emails associated with this campaign, sent to senior-level employees largely in the banking and IT sectors. The campaign seemingly began around three months ago and has been unsuccessful up to this point. Once victims click on the malicious link and complete the Google reCAPTCHA, they are redirected to a phishing landing page that prompts them to enter their Office 365 credentials.