---
title: "How Something Meant to Keep the Internet Safe Can Leave You Vulnerable | Phish Protection"
description: "How Something Meant to Keep the Internet Safe Can Leave You Vulnerable: You can tell hackers are clever when they start to use the things you trust the most."
image: "https://phishprotection.com/og/blog/how-something-meant-to-keep-the-internet-safe-can-leave-you-vulnerable.png"
canonical: "https://phishprotection.com/blog/how-something-meant-to-keep-the-internet-safe-can-leave-you-vulnerable/"
---

Quick Answer

You can tell hackers are clever when they start to use the things you trust the most to exploit you.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fhow-something-meant-to-keep-the-internet-safe-can-leave-you-vulnerable%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=How%20Something%20Meant%20to%20Keep%20the%20Internet%20Safe%20Can%20Leave%20You%20Vulnerable&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fhow-something-meant-to-keep-the-internet-safe-can-leave-you-vulnerable%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fhow-something-meant-to-keep-the-internet-safe-can-leave-you-vulnerable%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fhow-something-meant-to-keep-the-internet-safe-can-leave-you-vulnerable%2F&title=How%20Something%20Meant%20to%20Keep%20the%20Internet%20Safe%20Can%20Leave%20You%20Vulnerable "Share on Reddit") [ ](mailto:?subject=How%20Something%20Meant%20to%20Keep%20the%20Internet%20Safe%20Can%20Leave%20You%20Vulnerable&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fhow-something-meant-to-keep-the-internet-safe-can-leave-you-vulnerable%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/03/anti-phishing-solutions-7679.jpg) 

You can tell hackers are clever when they start to use the things you trust the most to exploit you.

If you spend any time on the internet then surely you have encountered reCAPTCHA. reCAPTCHA, [a system designed to establish that a computer user is human](https://en.wikipedia.org/wiki/ReCAPTCHA), was _developed by engineers as Carnegie Mellon University and later acquired by Google._

Today, reCAPTCHA uses image verification by asking users to click on specific checkboxes. The system then verifies whether the user is a human or not behind the scenes. And wouldn’t you know it, _hackers are now using reCAPTCHA to phish victims._

![Anti phishing solutions](https://media.mailhop.org/phishprotection/images/2019/03/anti-phishing-solutions-7679.jpg) 

According to an article on [ThreatPost](https://threatpost.com/phishing-scam-malware-google-recaptcha/142142/), the offending emails “asked victims for confirmation for a recent transaction, along with a link to a malicious PHP file. When the victims clicked on the link, the malicious PHP file would send them a fake 404 error page. The PHP code then loaded a fake Google reCAPTCHA using a combination of HTML elements and JavaScript. The **fake reCAPTCHA** looks real, and makes victims feel as though the landing page is legitimate.”

Luke Leal, from website security firm Sucuri, says [there were some ways to identify the reCAPTCHA as fraudulent](https://blog.knowbe4.com/recaptcha-phishbait-targets-google-users). “This page does a decent job at replicating the look of Google’s reCAPTCHA, but since it relies on static elements, the images will always be the same unless the malicious PHP file’s coding is changed. It also doesn’t support audio replay, unlike the real version. _On the surface, however, the replica is very convincing_.”

![Anti phishing service](https://media.mailhop.org/phishprotection/images/2019/03/anti-phishing-service-7679.jpg) 

Phishing attacks at their core are not about technology. They’re about **social engineering**. They’re about taking advantage of human tendencies. So, whether it’s trying to get you to [wipe a hair off your screen](/blog/protecting-against-phishing-is-even-harder-with-invisible-links/), or [using deceptive links](/blog/deceptive-links-make-phishing-emails-even-harder-for-users-to-detect/) or tricking you [while you read the morning news](/blog/how-keeping-up-with-the-news-can-get-you-hacked/), hackers will never stop exploiting human nature.

**Preventing phishing** by expecting humans to not be human is asking a lot. Phishing attacks may be about manipulating human behavior, but to stop phishing attacks one requires [anti-phishing](/) technology. Learn how [PhishProtection’s Advanced Threat Defense](/products/advanced-threat-defense/) can keep your humans from being phished.

## Topics

[ Cybersecurity ](/tags/cybersecurity/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 3m  13,000 Singapore-based students affected as a threat actor hacked into their devices!  Aug 16, 2024 ](/blog/13000-singapore-based-students-affected-as-a-threat-actor-hacked-into-their-devices/)[  Intermediate 3m  The 2024 Multi-Nation Elections Need to Steer Clear of Highly Potent Cyber Menaces  May 9, 2024 ](/blog/2024-multi-nation-elections-cyber-threats-stay-vigilant/)[  Intermediate 6m  7 Commonly Overlooked But Crucial Security Threats That You Might be Ignoring  Feb 6, 2023 ](/blog/7-commonly-overlooked-but-crucial-security-threats-that-you-might-be-ignoring/)[  Intermediate 17m  9+ Cybersecurity Software Solutions For Businesses To Use  May 30, 2022 ](/blog/9-cybersecurity-software-solutions-businesses/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"How Something Meant to Keep the Internet Safe Can Leave You Vulnerable","description":"How Something Meant to Keep the Internet Safe Can Leave You Vulnerable: You can tell hackers are clever when they start to use the things you trust the most.","url":"https://phishprotection.com/blog/how-something-meant-to-keep-the-internet-safe-can-leave-you-vulnerable/","datePublished":"2019-03-12T13:29:52.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2019-03-12T13:29:52.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/how-something-meant-to-keep-the-internet-safe-can-leave-you-vulnerable/"},"articleSection":"intermediate","keywords":"Cybersecurity","wordCount":358,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2019/03/anti-phishing-solutions-7679.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"How Something Meant to Keep the Internet Safe Can Leave You Vulnerable","item":"https://phishprotection.com/blog/how-something-meant-to-keep-the-internet-safe-can-leave-you-vulnerable/"}]}
```