Feds issue warning about fake CAPTCHA scams

WRTV Investigates told you about the scam in April

INDIANAPOLIS — The Federal Trade Commission issued a warning Monday about fake CAPTCHA scams.

You’ve seen the box on websites asking you to click on pictures of traffic lights or crosswalks to verify you’re not a robot.

It’s called CAPTCHA.

The FTC says this is how the scam works:

  • You get an unexpected CAPTCHA request while browsing a website.
  • The screen looks a lot like a regular CAPTCHA, asking you to verify you’re human. But the message says to type a series of commands — something like “Windows + R,” then “Ctrl + V,” and then “Enter”.
  • The screen might say “security verification,” but you’re actually following the steps to paste and run hidden malware on your device.
  • Once it’s there, scammers can quickly steal your email account login data, mobile banking credentials, or any other information they can get access to.

According to the FTC, real CAPTCHAs won’t ask you to run commands on your phone or computer.

If you notice something downloading to your device after responding to a CAPTCHA, act quickly to remove the malware and protect yourself:

  • Disconnect from the internet. This stops scammers from accessing your online shopping or banking accounts.
  • Run a security scan to remove the malware. Keep your software and apps up to date to catch viruses.
  • Change your passwords and enable two-factor authentication (using a different device) in case the malware already gave a hacker access to your accounts.

According to the Identity Theft Resource Center, you can tell it’s a scam if they ask you to press a specific sequence of keys (like the Windows Key + R, then Ctrl + V) to “fix” the issue.

By following those steps, you’re actually telling your computer to:

  • Open a hidden command box
  • Paste in a “script” or a set of invisible instructions
  • Run that script, which downloads a virus onto your computer
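The warning sign the FTC and the Identity Theft Resource Center describe, a page telling you to press “Windows + R,” then “Ctrl + V,” then “Enter,” can be checked for automatically. The sketch below is an added example, not code from the FTC, the ITRC or WRTV; the function name, patterns, 300-character window and sample strings are all constructed for illustration, and it follows the three-step FTC sequence.

```javascript
// Added example: flag page text that tells a visitor to open the Run box,
// paste, and press Enter, in that order and close together.
// Wording on real lure pages varies, so each step is matched loosely.
const STEPS = [
  { name: "open Run box", re: /(?:\bwin(?:dows)?(?:\s+(?:key|button))?|⊞)\s*\+\s*r\b/i },
  { name: "paste",        re: /\b(?:ctrl|control)\s*\+\s*v\b/i },
  { name: "run",          re: /\benter\b/i },
];

// Returns { suspicious, steps, excerpt }. The steps must appear in order
// within `maxSpan` characters of the first one (assumed default: 300).
function findRunPasteLure(pageText, maxSpan = 300) {
  const text = pageText.replace(/\s+/g, " ");
  const first = new RegExp(STEPS[0].re.source, "gi");
  for (const m of text.matchAll(first)) {
    const near = text.slice(m.index, m.index + maxSpan);
    const seen = [];
    let pos = 0;
    for (const step of STEPS) {
      const hit = step.re.exec(near.slice(pos));
      if (!hit) break;               // sequence broken: try the next start
      seen.push(step.name);
      pos += hit.index + hit[0].length;
    }
    if (seen.length === STEPS.length) {
      return { suspicious: true, steps: seen, excerpt: near.trim() };
    }
  }
  return { suspicious: false, steps: [], excerpt: "" };
}

// Constructed sample text, not captured from any real page.
const LURE = "Security verification: to prove you are human, press " +
             "Windows + R, then Ctrl + V, and then Enter.";
const REAL = "Select all images with traffic lights, then click Verify.";
const OUT_OF_ORDER = "Press Enter to search. Tip: Ctrl + V pastes text. " +
                     "Windows + R opens Run.";

for (const sample of [LURE, REAL, OUT_OF_ORDER]) {
  console.log(findRunPasteLure(sample).suspicious, "-", sample.slice(0, 40));
}
```

A legitimate keyboard-shortcut tutorial can trip the same pattern, so a hit is a reason to look closer at the page, not proof of a scam.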

“It gives you very explicit directions on what keys to push in what order, but when you do that, you're actually downloading some malware onto your machine and it's now going to feed all the information from your machine to the bad guys,” James Lee, president of the Identity Theft Resource Center, told WRTV Investigates.

Lee told WRTV Investigates they’re seeing the scam pop up on both legitimate and fake websites.

If you fall for it, act immediately.

“First thing is disconnect your computer from the internet,” said Lee. “So if you're on WiFi, turn off the WiFi, if you've got a wire connected to your computer, unplug the wire.”

Also, run anti-virus software on your device and change your passwords using a different device than the one that was compromised.

Have you fallen victim to this scam or any other scam? Contact WRTV Investigates at Kara.Kenney@WRTV.com