Be Alert for CAPTCHA Scam Campaigns

CAPTCHA tests are designed to keep websites secure, but scammers are now using them to trick users. Learn how to recognize these scams and keep your information safe. 

 

 

 

In the age of the internet, many websites rely on tools like CAPTCHA as a test to tell humans and robots apart. CAPTCHA can be a text, image or audio test that only humans can pass. You've likely come across this tool on legitimate websites that ask you to type out the listed characters, pick out objects like a bicycle or traffic light in images, or check a box to prove you're human.

CAPTCHAs have been essential for preventing robots from flooding websites with spam, continuously filling out forms or making unauthorized purchases. In recent examples, however, scammers have begun using this tool for their own malicious purposes.

How It Works

Scammers use CAPTCHAs to trick people into thinking their fake websites are real. The scam typically starts with an email asking you to review a document or to listen to a voicemail on your work phone system. Clicking on the attachment or link leads you to a fake website asking for CAPTCHA verification to make it look legitimate.

After passing the CAPTCHA test, you'll be taken to a fake website asking for additional credentials like a username and password, or payment information. If successful, the scammers will then gain access to those accounts and the information they contain.

What to Do

To keep yourself safe when browsing online, it's important to be watchful, use the internet safely and know what scams to look out for.
  • If you receive an email that feels urgent and out of the ordinary, be alert and independently verify the source as it could be a scam.
  • Never click on unfamiliar links or attachments as they may contain malicious software.
  • Use multi-factor authentication (MFA) whenever it's available. If your account is being accessed by someone, they can't get in without your MFA code, which is a second layer of authentication.
  • Use different passwords for each website and account you have access to, and be sure the passwords are strong. It's recommended to have 15 or more characters with a mix of special characters, letters and numbers.

If you think you've been a victim of a scam, contact your local bank location immediately to help prevent or stop any monetary losses. You can also report scams to the Federal Trade Commission at reportfraud.ftc.gov.