Attackers Use AI Development Tools To Craft Phony Captcha Pages
KnowBe4, Thursday, September 25th, 2025
Attackers are abusing AI-powered development platforms like Lovable, Netlify and Vercel to create and host captcha challenge websites as part of phishing campaigns, according to researchers at Trend Micro.
"Since January, Trend Micro has observed a rise in fake captcha pages hosted on such platforms," the researchers write.
"These scams pose a dual threat: misleading users while evading automated security systems....The phishing campaigns typically begin with spam emails carrying urgent messages such as: 'Password Reset Required' or 'USPS Change of Address Notification,' which are standard tactics that are a staple of these types of attacks. Clicking the embedded URL directs the target to what appears to be a harmless captcha verification page."