Fake Login Pages and CAPTCHA Scams: New Cyber Threats Exposed

Cybersecurity is becoming a major concern these days. We have come across many incidents of online harassment, theft and hacking on different platforms. Now, a new cyber threat has emerged, putting the privacy of many users at risk. According to recent reports, hackers are using fake login pages to steal personal information and One-Time Passwords (OTPs). These pages look real, but attackers design them to trick users.

The National Computer Emergency Response Team (CERT) has issued a serious warning. According to their latest advisory, there has been a sharp rise in phishing attacks targeting Gmail and Microsoft 365 accounts. These attacks can bypass Two-Factor Authentication (2FA) as well. Just recently, Google also issued a warning that the 2FA security method is not enough to secure your accounts. There is a need to use a passkey for more security.

The advisory also reports an alarming 1800% increase in SVG (Scalable Vector Graphics) phishing attacks in 2025. Hackers used SVG files to hide malicious code and sent these files through email or websites. Once a user clicks on such content, the attackers can access private data such as emails, documents, and login credentials.

One common method used by hackers is the fake CAPTCHA page. These pages are designed using HTML5 and may seem like a regular security check. However, they contain scripts that steal user information. Victims think they are verifying themselves, but in reality, they are giving their details to hackers.

Many famous platforms, including Gmail, Microsoft 365, Google Workspace, SharePoint, and OneDrive, are being targeted by these attacks. These platforms are widely used in offices and schools, making them attractive targets for cybercriminals. When attackers gain access to these services, they steal sensitive emails, files, and internal communications.

To cope with such situations, the National CERT has urged all organisations and users to take quick and appropriate action. There is a need to review login systems and apply the latest security updates. It is also important to test systems through Red Team exercises. These are simulated attacks that help identify weak spots in security before real hackers can exploit them.

CERT has also shared some key advice for individual users. To remain secure, you should always log in by typing the official website address in your browser. Also, avoid clicking on login links sent through emails or text messages, especially if they seem suspicious. Regularly check your login history and use strong, unique passwords for each account.

Moreover, organisations should audit their authentication processes. This includes checking how login tokens are issued and whether employees are trained to spot phishing attempts. They should also keep software and security systems updated.

No doubt, the threat from phishing and 2FA bypass attacks is growing. Both individuals and organisations need to be alert. By following safety tips and applying the right security measures, the risk of falling victim can be reduced.

Cybersecurity is everyone's responsibility. Stay aware, stay protected.

Onsa Mustafa

Onsa is a Software Engineer and a tech blogger who focuses on providing the latest information regarding the innovations happening in the IT world. She likes reading, photography, travelling and exploring nature.
