ANN/AFP/THE STAR – Not content with deceiving Internet users via phishing schemes and the creation of increasingly convincing fake websites, cybercriminals are now deploying fake CAPTCHAs, the automated tests designed to verify that you’re “not a robot” when you access a website.
Typically, a CAPTCHA involves copying numbers and letters, or solving small, simple tasks like selecting specific images. Unfortunately, this technology is progressively being hijacked by hackers, who are now using fake CAPTCHAs to trick Internet users and jeopardise the security of their devices or steal personal data.
It has become relatively easy to encounter these fake CAPTCHAs, especially by clicking on a hacked advertisement or link. The user is then directed to a page displaying a fake test, where, upon completion, a malicious script can be executed, leading to the installation of harmful software on the user’s device.
Malwarebytes warns of this new tactic of luring users to websites offering popular content, such as news articles, but also music or movies. Once redirected, users are faced with a CAPTCHA prompting them to follow instructions that copy and paste information. Without realising it, the user then unwittingly executes a command that downloads and installs malicious software onto their device.
Fortunately, it’s still fairly easy to recognise a fake CAPTCHA. This is the case, for example, if the test seems much more complex than usual, or if you are asked to perform unusual actions, such as executing commands or copying and pasting text. In the meantime, don’t forget to update your web browser.
