Cybercriminals are using fake CAPTCHA challenges to trick users into running malicious code. These scams often appear on compromised or ad-supported websites, urging users to complete extra verification steps.
Once executed, this malware can steal passwords, session cookies and even cryptocurrency wallets.
Members of the community are encouraged to look out for the following red flags:
- CAPTCHAs in strange places: Legitimate CAPTCHAs appear on login or sign-up pages, not random pop-ups.
- Extra steps required: If a CAPTCHA asks you to press keys like Win + R, CTRL + V, or Enter, do not proceed.
- Suspicious URLs: Always verify you’re on a trusted website before interacting with a CAPTCHA.
- Website asking you to run commands: A legitimate site will never tell you to execute system commands.
Tips to stay safe include:
- Only complete CAPTCHAs on trusted websites.
- Never copy and paste commands from a CAPTCHA prompt.
- Keep your browser and operating system updated so known vulnerabilities are patched.
If you have questions, contact askinfosec@case.edu. For immediate assistance, reach out to the Service Desk at help@case.edu or 216.368.HELP (4357).