Fake CAPTCHAs

Fraudsters are deploying fake CAPTCHAs to fool people into downloading viruses onto their computer.  Real CAPTCHAs ask to prove you’re not a robot by finding certain objects in an image or typing letters and numbers as they exactly appear.  The purpose is to protect websites from spam and bot attacks by making sure you’re a human user.

A fake CAPTCHA may look like a real CAPTCHA, but it asks for more under the guise of security verification:  a message says to type a series of commands, such as “Windows + R,” then “Ctrl + V,” and then “Enter”.  When you do this, you’re downloading and running a hidden virus on your computer, which will search for and steal passwords or sensitive information.

Protecting Yourself

• Real CAPTCHAs won’t ask you to type commands.  If the CAPTCHA requests this, refuse and close out of the website immediately.
• If a download is requested or started after doing a CAPTCHA, cancel or delete it immediately.
• Check if you’re on a legitimate website.  Fake CAPTCHAs are often set up on websites that may appear to be genuine.
• Keep your anti-virus software up-to-date.

If You Become a Victim

Take the following actions right away:

• Cut off your computer from the Internet.  This stops the virus from sending your information to the fraudster.
• Run your anti-virus software to scan and remove the virus.
• Change your passwords and enable multifactor authentication using a different device.
• File a complaint with the FTC at https://reportfraud.ftc.gov/.

Video

For more information, watch this video from NBC10 Philadelphia: