Phishing scheme utilizes CAPTCHA against Microsoft users

Does anybody really like CAPTCHAS?  Those little verification boxes on website login pages that ask you to check a box, or click on all the images with street lights…and then you do and somehow it still fails but if stick with it you can eventually log in, probably.  Anyway, they are perhaps a necessary evil, one which cyber criminals are now exploiting in a new scheme targeting Microsoft Office users.  Hackers in this case are sending phishing emails asking users to click a link to reset their Office passwords.  CAPTCHAS are then deployed in an attempt to make their fake login pages look more legitimate.  Entering your Office account info allows the intruders to steal your data.  People tend to feel safer when a website utilizes CAPTCHA, which is why hackers concocted this simplistic scheme.

Naturally, caution is the best defense here.  Did you receive an email regarding a password reset to your Microsoft Office account?  Yes?  Ok, did you request a reset?  No?  Well, there you go.  It’s not theoretical physics.  If you did, however, then be sure to verify the authenticity of the landing page.  Hackers will always try new tricks as cybersecurity catches up with their old ones.  Fortunately, all it takes to foil them in some cases is a little knowledge.

Staying informed is another powerful defense when it comes to the safety of your social media.  Aside from targeted advertisement, the content you share can allow unsavory digital denizens to target you for their cyber crimes.  As always, there are the risks associated with easy-to-guess passwords, especially those reused across multiple platforms.  If a hacker steals it, they now have access to any account for which it is used.

Oversharing is the other big issue when it comes to social media security.  All sorts of information are available on publicly viewable profiles: pictures, interests, locations, and of course contacts.  Among all this sharing, take care that you never share personal or financial data over any social media or app.  Decide what is worth sharing versus what might be best kept private.  Moreover, just as reusing passwords is an inadvisable risk, so is using logging in to other locations with pre-existing accounts, like Facebook or Twitter.  You often see these options and while it may seem convenient, it creates another layer of vulnerability, makes it easier for hackers to build a thorough profile of you.

Ultimately, having all these little tips and tricks in your arsenal can put you in the optimal position to protect your personal information from those who would exploit it at your expense.


By: Jonathan Weicher, post on October 7, 2020
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security