Fake CAPTCHA scams could expose your personal data
Consumer experts warn scammers are using fake CAPTCHA tests to trick users into downloading malware that steals personal and financial data.
Fake CAPTCHA pages may install malware and steal your data. Sergio Flores from NBC 7 Responds and Telemundo 20 Responde shows us how to spot the warning signs and protect yourself.
A common online security tool — CAPTCHA — is now being used by scammers to trick people into giving up sensitive personal and financial information.
CAPTCHA tests, often appearing as “I’m not a robot” checkboxes or image selection puzzles, are designed to block bots from accessing websites, creating fake accounts, or carrying out other harmful activity.
WATCH HEREBut the Identity Theft Resource Center warns that criminals are now creating fake CAPTCHA pages to target unsuspecting users.
These fake pages may look legitimate at first, asking users to verify images like traffic lights or crosswalks. However, there are key warning signs that indicate something is wrong.
What should I look out for?
One major red flag is an error message instructing users to press a sequence of keys to continue.
Experts say that this should immediately raise concern.
Local
If that happens, users should stop and avoid following any instructions on the page.
The reason is that scammers may be trying to install malware known as the “StealC” virus or similar programs onto a device.
According to the Identity Theft Resource Center, this type of malware can search a computer for saved passwords and cookies, collect login information for email and other accounts, capture screenshots, and gather details about the device.
What if I encounter a fake CAPTCHA?
If you encounter a suspicious CAPTCHA page, experts recommend closing the tab immediately and navigating directly to the intended website by typing the address into your browser instead of clicking links.
They also suggest using passkeys and enabling multi-factor authentication whenever possible to add extra layers of security.
For those who believe they may have already downloaded malicious software, experts recommend disconnecting from the internet by turning off Wi-Fi or unplugging the network cable, changing passwords using a separate device, and running a full scan with a trusted antivirus program.
It’s also important to closely monitor financial accounts for any unusual activity.
In addition, regularly checking and locking your credit reports can help detect potential identity theft early and limit damage if personal information is compromised.
This story was originally reported for broadcast by NBC San Diego. AI tools helped convert the story to a digital article, and an NBC San Diego journalist edited the article for publication.
