Click Fraud, CAPTCHA Breakers Threaten Brands
July 23, 2010
Biz Report cites research from MessageLabs (Symantec) demonstrating that CAPTCHA breaking is increasing, with more fraudsters employing automated computer programs -- called bots -- to break CAPTCHAs and create email accounts that they then use to send spam and phish for consume
r information.
This increase shows the ineffectiveness of the traditional, text-based CAPTCHAs used on most websites and Web-based email services today. Such CAPTCHAs, which show warped and distorted words or letters, are easily broken by bots using optical character recognition (OCR) software or dictionary attacks (where the bot quickly compares the CAPTCHA word to all the known words in the dictionary until it finds a match.)
Picture CAPTCHAs, like Confident CAPTCHA from Confident Technologies, are more secure against bots because bots cannot understand the semantic meaning behind the instructions and correctly identify the subject of the photos. Additionally, because Confident CAPTCHA uses a large and constantly changing database of images, bots cannot use a dictionary attack against the catalogue of pictures.
As the threats from spammers and fraudsters continues to increase, Webmail providers and other website owners will need to adopt more advanced CAPTCHA techniques that are more secure against bot attacks.
To read the full Biz Report article, click here.