Beware of fake captcha scams

What is a CAPTCHA?

According to Google, a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart in English) is a type of security measure known as question-answer authentication.

Commonly known by the “I am not a robot” button, boxes to write a code or choose images. These simple tests serve to prove that you are a human and help protect from spam, access accounts securely, and prevent unauthorized entry.

However, these tests, which have been effective for more than a decade, are now used as a tool by scammers.

Scams with fake captcha

According to AT&T the criminals’ modus operandi usually begins by sending an email requesting that you review a document, or notifying that there is a voice message on what appears to be your work telephone system. By clicking on the attached link or document, you are directed to a fake captcha site.

The intent of the captcha is to give a sense of legitimacy and gain trust so that, upon passing the test, you will be directed to a fraudulent site that requests personal information and account login.

The risk of these scams is that all accounts, and the information in them, are left completely vulnerable and available to criminals.

Ethical Hacking Consultants a firm specialized in information security, explains that there can also be attacks through deceptive ads when browsing the web.

When on a page, ads appear that take up the entire screen that redirect users to fake captcha pages or error messages that limit the Chrome browser. When trying to fix it, users copy a hidden Windows PowerShell command to the PC’s clipboard, and when executed, malware is downloaded that compromises their information.

What to do to avoid attacks?

These are some tips that can be taken into account to avoid falling into attacks using captcha:

• Stay alert and be wary of emails asking you to take action. Phishing emails typically require an immediate response or action.

• Check who the sender of the email is and verify that it is a correct address. Criminals often use slightly different versions to deceive.

• Do not click on any links or documents or reply to the message. Please confirm if you are an acquaintance first. Avoid following suspicious registrations online.

• If you click or open something suspicious, immediately contact your IT department or the company managing the account. They can tell you the steps to follow to verify the email or help protect your information.

• Apply comprehensive protection to your devices and accounts.