New Delhi — Cases of online fraud have surged in recent months, with cybercriminals increasingly leveraging artificial intelligence (AI) to launch more sophisticated phishing attacks. Recent reports reveal that attackers are using free hosting and website-building platforms such as Vercel, Netlify, and Lovable to create fake CAPTCHA pages, targeting numerous users, particularly in August.
Technology experts warn that these AI-driven phishing attacks appear far more realistic than traditional scams, making users more susceptible to deception.
How the Attacks Work
Cybercriminals typically send spam emails prompting users to reset passwords, update delivery addresses, or attend to other “urgent” notifications.
Clicking the link in the email directs the user to a page that closely mimics a real ‘I’m Not a Robot’ CAPTCHA. Once the CAPTCHA is completed, users are redirected to a phishing form requesting passwords, OTPs, and other sensitive information.
In some cases, attackers use tools like “Vibe Coding” to generate fake pages, while on Vercel and Netlify, AI enables the entire phishing setup to be deployed within minutes.
Expert Commentary: Professor Triveni Singh, Former IPS and Cybercrime Specialist
“Cybercrime is evolving at an unprecedented pace. AI and accessible website-building platforms are making phishing attacks more convincing than ever. Users must exercise extreme caution before interacting with CAPTCHA forms such as ‘I’m Not a Robot.’ Sensitive information like passwords, OTPs, and banking details should never be shared without verification.”
“This is not just about individual security—it is a broader matter concerning the safety of the entire digital ecosystem,” said Professor Triveni Singh, former IPS officer and cybercrime expert.
FutureCrime Summit 2026: Registrations to Open Soon for India’s Biggest Cybercrime Conference
Safety Measures Recommended by Professor Singh
1. Verify the sender’s email address and URL before clicking any link.
2. For banking, e-commerce, or service provider verification, use official websites or apps directly.
3. Always enable two-factor authentication (2FA) on accounts.
4. Never enter passwords, OTPs, or card details on suspicious pages.
5. If a form or CAPTCHA seems unusual, take a screenshot and report it.
6. Keep browser extensions and anti-phishing tools updated regularly.
Analysis
Experts note that AI-powered phishing attacks are far more sophisticated and convincing than traditional methods. According to Professor Singh, these attacks pose serious challenges not only for individual users but also for small and medium-sized businesses, highlighting vulnerabilities in digital security across the board.
The incidents underscore a critical reality: every click online carries potential risk, and digital awareness has never been more essential.
