cancel
Showing results for 
Search instead for 
Did you mean: 

Enable Google reCAPTCHA to help reduce phishing attempts

jeanne_frontain
Adobe Team

Online stores are often targeted by malicious attackers who create false user accounts from which they try to spam email accounts. Note that the email accounts that are targeted are not associated with the merchant store. In fact, the nature of this attack requires that the victim of the phishing email not have an account on the merchant store as that would prevent them from registering the fake account.

 

This post describes a best practice for reducing store vulnerability to this type of exploit.

 

Issue

Attackers try to compromise Magento stores by creating false user accounts, associating each new account with an email address, and then spamming those email accounts. These emails use a template that inserts a false user name in the Name field without sanitizing it. The system then sends these emails, which contain the spam message and link to the email account that is associated with the new user.

 

Protect your store

Merchants can protect their stores from this type of attack by installing and deploying the Google reCAPTCHA extension. Google reCAPTCHA provides a greater level of security for both the storefront and Admin UI than is available with standard CAPTCHA.

 

Install Google reCAPTCHA

The Google reCAPTCHA extension is bundled and installed with Magento Open Source and Magento Commerce 2.3.x. However, you must enable this feature by generating Google reCAPTCHA keys and configuring this feature.

 

See for information about generating keys and enabling this feature in Magento. 2.3.x.

 

Magento 2.2.x

The Google extension is bundled and installed with Magento Open Source and Magento Commerce 2.2.9. These topics contain more information on the v2.2.9 implementation:

 

Magento Open Source 2.2.x reCAPTCHA

For Magento Open Source and Magento Commerce v2.2.8 and earlier, follow the instructions in in Magento DevDocs to install and troubleshoot the extension. At this time, Google reCAPTCHA can be installed only from the command line and may require developer assistance.

 

Magento Commerce customers can contact Magento Support at Help Center.

2 Comments