Latest news with #ZakirHussainRangwala


Indian Express
6 days ago
Fake CAPTCHA scams: How 'I'm not a robot' could infect your device
It usually starts with a harmless web search. You are attempting to locate a website for a product that you really liked, and as you click on the link, a familiar box pops up, asking you to prove you are not a robot. You see 'I'm not a robot' written, and the checkbox. You have seen it so many times, so you don't really give it much thought. Sometimes, this could be a trap. One wrong click, and instead of proving you're human, you could be opening the door to malware, and behind this is a fake CAPTCHA scam.

CAPTCHA stands for 'Completely Automated Public Turing test to tell Computers and Humans Apart.' It's a security tool to confirm a user is human, not a bot. CAPTCHAs may involve distorted text, image selection, audio cues, simple puzzles, or just ticking a checkbox (called reCAPTCHA). These may also be time-based. Cybercriminals now mimic these tests to trick users into downloading malware.

'Fake CAPTCHAs are often distributed through compromised websites, malicious ads, or phishing emails,' said Zakir Hussain Rangwala, CEO of BD Software Distribution Pvt Ltd. 'They may also appear on lookalike domains of popular sites, persuading users to enable browser notifications or download files under the guise of verification.'

According to CloudSEK's Threat Research and Information Analytics Division (TRIAD), 'A sophisticated tactic is being used to spread the Lumma Stealer malware, targeting Windows users through fake human verification pages.' CloudSEK found that in this campaign, threat actors create phishing sites hosted on various providers, often leveraging Content Delivery Networks (CDNs) for faster distribution and added legitimacy. These sites display a counterfeit Google CAPTCHA page, designed to mimic the real verification process.

These phishing sites instruct users to:

* Open the Run dialog (Win+R)
* Press Ctrl+V
* Hit Enter

This action executes a hidden JavaScript function that copies a base64-encoded PowerShell command to the clipboard, and this command, when executed, downloads the Lumma Stealer malware from a remote server.

'Clicking a fake CAPTCHA itself isn't the real danger; the problem begins when you follow the instructions it provides. For example, pasting commands into your terminal and executing them, or downloading a file to 'prove' you're not a robot, can put you at serious risk. Always avoid carrying out such instructions,' said Anshuman Das, cybersecurity researcher at CloudSEK.

Deependra Singh, cyber expert, Betul Police (MP), and Rangwala outlined key differences between genuine and fake CAPTCHAs. Legitimate CAPTCHAs appear on trusted websites and involve straightforward tasks such as selecting images, entering distorted text, or ticking a checkbox. Fake ones, on the other hand, often demand unrelated actions like clicking 'Allow' for notifications, downloading files, or providing personal or financial information. A quick way to spot a fake is to check the site's address for misspellings, unusual characters, or unfamiliar domains. Another red flag is if the CAPTCHA appears as a random pop-up rather than being embedded directly within the webpage.

What to do if you suspect you have encountered a fake CAPTCHA

📌 Exit the site immediately.
📌 Disconnect from the internet.
📌 Run a full antivirus scan.
📌 Clear browser cache and cookies, and remove suspicious extensions.
📌 Change passwords for critical accounts using a secure device.
📌 Delete any downloaded files without opening them.

'Industries like e-commerce and online gaming face higher risks,' Rangwala warned. 'These attacks can steal credentials, install spyware, or allow remote access.'

Singh's advice is simple: 'Avoid clicking unknown links and always check the URL. One wrong click can cost you both your money and your privacy.'
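As an added example (not part of the article or of CloudSEK's research), the Win+R paste step described above can be triaged in process-creation telemetry: PowerShell started by explorer.exe, which is the parent of anything launched from the Run dialog, with a base64 -EncodedCommand whose decoded text fetches from the network. The event field names, the keyword list and the sample events are assumptions constructed for illustration.

```python
import base64
import re

# A "-flag value" pair; the lookahead keeps the value available as the next flag.
FLAG_VALUE = re.compile(r"-(\w+)\s+(?=(\S+))")
# Assumed keyword list for "fetches something from the network".
DOWNLOAD_HINTS = ("invoke-webrequest", "iwr ", "downloadstring", "downloadfile",
                  "start-bitstransfer", "http://", "https://")

def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent or invalid."""
    for m in FLAG_VALUE.finditer(cmdline):
        flag, value = m.group(1).lower(), m.group(2)
        # PowerShell accepts prefixes of -EncodedCommand (-e, -enc, ...) and -ec.
        if flag == "ec" or "encodedcommand".startswith(flag):
            try:
                # The payload is base64 over UTF-16LE text.
                return base64.b64decode(value, validate=True).decode("utf-16-le")
            except ValueError:
                return None
    return None

def triage(event):
    """Classify one process-creation event as 'alert', 'review' or 'ok'."""
    if not event["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return "ok"
    decoded = decode_encoded_command(event["cmdline"])
    if decoded is None:
        return "ok"
    # explorer.exe as parent means an interactive launch, which includes Win+R.
    from_shell = event["parent"].lower().endswith("explorer.exe")
    fetches = any(hint in decoded.lower() for hint in DOWNLOAD_HINTS)
    return "alert" if from_shell and fetches else "review"

def _encode(ps_text):
    """Build a constructed -EncodedCommand value for the sample events."""
    return base64.b64encode(ps_text.encode("utf-16-le")).decode()

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events; hosts and paths are placeholders.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": PS, "cmdline": "powershell.exe "
     "-w hidden -enc " + _encode("Invoke-WebRequest https://example.invalid/placeholder")},
    {"parent": r"C:\Windows\System32\svchost.exe", "image": PS,
     "cmdline": "powershell.exe -NoProfile -EncodedCommand " + _encode("Get-Date")},
    {"parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev), "|", decode_encoded_command(ev["cmdline"]))
```

An encoded command that does not match both conditions is returned as 'review' rather than dropped, since administrative tooling also uses -EncodedCommand.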


Hans India
12-06-2025
Cybersecurity Becomes a Priority for Businesses Amid Rising Global Uncertainty
Cyberattacks tend to surge during periods of global instability, from political unrest to economic slowdowns. Amid this situation, Mr. Zakir Hussain Rangwala, CEO of BD Software Distribution Pvt. Ltd., has shared his insights with The Hans India on how organisations can navigate these challenges. He emphasised that now more than ever, businesses must prioritise cyber resilience to safeguard their operations and data from increasingly sophisticated threats.

As per Mr. Zakir Hussain, these situations give cybercriminals and advanced threat groups more opportunities to target vulnerable organisations. Businesses across all sectors and sizes face increased risk, even if they are not directly involved in these external events.

Cyber attackers take advantage of such instability to launch well-planned and aggressive campaigns. These include ransomware, phishing, data breaches, and supply chain attacks. Their goals may vary—ranging from financial gain and data theft to causing operational disruptions—but the results are often serious: data loss, downtime, reputational damage, and financial impact.

Organisations with limited cybersecurity measures are particularly vulnerable, but even well-protected companies can be at risk through third-party vendors or remote teams. This makes it more important than ever for businesses to take a comprehensive approach to cybersecurity.

To stay secure in this challenging environment, businesses need to be proactive and build strong cyber resilience. Start by using advanced security tools such as Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), and threat intelligence platforms to quickly identify and respond to threats. Adopting a Zero Trust model helps reduce access-related risks by continuously verifying users and devices. Regular security checks and patch management are also key to closing potential vulnerabilities.

Training employees to identify phishing and follow safe online practices plays a crucial role. In addition, organisations should maintain secure, frequently tested data backups to support fast recovery if an incident occurs. Finally, having a clear and tested incident response plan ensures that operations can be restored quickly and efficiently.

As a trusted value-added distributor, BD Soft supports businesses with the tools and expertise needed to stay protected during uncertain times. With a wide portfolio of global cybersecurity solutions, fast deployment support, and expert guidance, BD Soft helps organizations strengthen their defences and maintain business continuity—regardless of external challenges.