We are all familiar with CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) these are security measures put in place that help websites to distinguish between humans and bots. CAPTCHA’s ask questions or present puzzles that are simple for humans to solve but difficult for computers.

Cybercriminals can use fake CAPTCHAs to distribute malware and steal personal and financial information. You can encounter these on any website through ads or other compromised content.

If you interact with the fake CAPTCHA your device can be infected with malware, and you can be tricked into providing your password or other sensitive information.

A fake CAPTCHA can look like this,

Press Win + R (this opens the Run dialog box)

Press CTRL + V (this pastes the line from the clipboard into the text field)

Press Enter (this executes the code)

If you are presented with this type of CAPTCHA do not interact with it and close your browser.

A fake CAPTCHA may also involve identifying characters from distorted text, selecting specific pictures, or completing a simple math problem.

How To Spot Fake CAPTCHAs & Protect Yourself

Normal CAPTCHAs are simple prompts and easy to complete. If the CAPTCHA seems unusual or is difficult to solve that can be a red flag that it is fake.

If you interact with a CAPTCHA that is followed by a prompt to download a file or program don’t do it, CAPTCHAs don’t require any downloads. 

The security features built into browsers warn you if you are visiting a dangerous website. Heed these warnings.

A legitimate CAPTCHA will not appear randomly as a popup or ad.

Real CAPTCHA pages are found on secure websites that require user verification.

A legitimate website will never ask you to open a run command as part of a CAPTCHA.

Visit only secure, trusted websites. A secure website should display the padlock symbol, and the web address should begin with “https”.

Never follow instructions on a website without thinking it through. If something doesn’t feel right leave the site.

Keep your computers and other devices up to date with operating system, app and program updates.

Use antivirus software on all your devices.

The next time you are presented with a CAPTCHA think twice. If something doesn’t feel right, trust your instincts.