
CAPTCHAs used in phishing scam

The latest phishing scam, targeting Microsoft 365 users, has used CAPTCHAs in order to convince users that they’re on a legitimate page. We took a look at the scam to find out more, and how you can avoid falling victim to the latest phishing tactic.

What is phishing?

Phishing is a tactic used by individuals to gain personal information from users. Phishers usually pose as legitimate organisations, or companies that individuals have heard of, and use an email, telephone call or text message to contact a target. The recipient will then be encouraged to visit a fake website, or click a link in the text message or email which can lead them to a fake website. 

This website will often look legitimate, and the user will be encouraged to input their login details. From there the phisher has access to their account, and can sell the information, use it to access more accounts, or install malware on the person’s device. This malware can then collect more information. On occasions where the phisher purports to represent a bank, they can then steal money from individuals.

On some occasions phishing will lead to ransomware, which is where malware is installed on your device and you are unable to access your files and documents without paying the phisher. 

What about this scam?

This phishing scam is targeting Microsoft 365 users, and as such is one for businesses in particular to look out for. Individuals who click the link in the email are taken to a webpage where they are prompted to click through three separate CAPTCHA screens, before finally being prompted for their Microsoft 365 login details.

The ramifications of this scam are huge for enterprises. Allowing a phisher access to a Microsoft 365 account may compromise not only the security of that individual, but also that of all other employees within the business, as well as any customer data stored within these accounts.

Let’s talk about CAPTCHA

The unique aspect of this scam is the CAPTCHA screens. CAPTCHA screens are the pop-ups often displayed when you log in to a secure site; they ask you to confirm that you aren’t a robot by selecting all the photographs featuring a certain thing such as trees or streetlights. The CAPTCHAs in this scam have reportedly asked victims to click the ‘I’m not a robot’ box, then click photos featuring bicycles, and then click photos of zebra crossings. However, other images have also been used.

For the phishers, there are a couple of benefits to using CAPTCHA screens. CAPTCHA screens are something that many users are used to clicking to confirm that they are accessing a legitimate site; it is something that we associate with safety, rather than a phishing scam. To an extent, the CAPTCHA screen helps to set victims at ease. 

Additionally, the three CAPTCHA screens block potentially helpful bots that are programmed to identify illegitimate and potentially dangerous websites. By using CAPTCHA screens, the phishers allow only real people to reach their scam page, which makes it all the more dangerous.

How can I avoid falling victim to this scam?

Be aware that phishers are using all sorts of tricks to convince you that you’re on a legitimate website, and CAPTCHAs are one of them. If you are on a login page that you’ve accessed through a link in an email, take your time and look critically before inputting any details. 

Ultimately, the best way to protect yourself is by not clicking links in suspicious-looking emails, and instead accessing the website directly yourself. It may take a little more time, but it’s going to be a lot safer for you and your business. If in doubt, contact your IT support team for assistance. They’ll be able to discern whether you’re looking at a legitimate email, or a fake.
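
For IT support teams, "looking critically" at a login link can be partly automated. The sketch below is an added example, not code from the original article: it checks a link's real host against a list of expected Microsoft 365 sign-in hosts. The allowlist and the sample links are assumptions; set the list to the hosts your organisation actually uses.

```python
from urllib.parse import urlsplit

# Assumption: sign-in hosts this organisation expects for Microsoft 365.
TRUSTED_SIGNIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com"}


def check_signin_url(url: str) -> tuple[bool, str]:
    """Return (trusted, reason) for a link that claims to be a sign-in page."""
    try:
        parts = urlsplit(url.strip())
        # hostname is lower-cased by urlsplit; drop a trailing root dot.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "URL could not be parsed"
    if parts.scheme != "https":
        return False, "not served over HTTPS"
    if parts.username is not None:
        # Everything before '@' is login data, not the site being visited.
        return False, "text before '@' hides the real host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised host name, possible look-alike characters"
    if host not in TRUSTED_SIGNIN_HOSTS:
        # Exact match only: a trusted name embedded in a longer domain
        # does not make that domain trusted.
        return False, f"host '{host}' is not an expected sign-in host"
    return True, "host matches an expected sign-in host"


# Constructed sample links (not taken from the reported scam).
SAMPLE_LINKS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://login.microsoftonline.com.verify.example/signin",
    "https://login.microsoftonline.com@portal.example/",
    "http://login.microsoftonline.com/",
    "https://login.micr\u043esoftonline.com/",  # Cyrillic 'o' in place of Latin 'o'
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        trusted, reason = check_signin_url(link)
        print("OK    " if trusted else "REJECT", ascii(link), "-", reason)
```

A pass only confirms that the link points at an expected sign-in host; it says nothing about whether the email that carried it is genuine.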
