The ever-changing face of cybersecurity now includes a new and insidious threat that preys on the trust and familiarity that users have with common web elements. This article will explore some of the danger that fake CAPTCHA screens present and how they are used to trick unwary internet users into compromising their own systems.

What are CAPTCHA Screens?

CAPTCHA screens have grown to be ubiquitous parts of our browsing experience: one encounters them every time they sign in, complete forms, or try to view certain information. These are meant to help tell a human user apart from an automated bot and usually challenge users to either identify objects within images or to type out distorted text.

Because they are so prevalent and seemingly protective in nature, most of the internet has learned to trust a CAPTCHA screen as part and parcel of good security. And it is precisely this trust that cybercriminals are now abusing with alarming effectiveness.

How Does the Fake CAPTCHA Scam Work?

The fake CAPTCHA scam is a form of evolved social engineering that pulls from users’ experiences with such verification processes. The general manner in which this happens is as follows:

Event Order:

1. The user tries to view content, usually in the form of a video or some restricted webpage.

2. Up opens another CAPTCHA pop-up, identical to any legit captcha page.

3. It asks for clicking on one of those “Start” verification buttons.

4. Unbeknownst to the user, clicking performs some malicious JavaScript to deposit a harmful PowerShell command on his clipboard.

5. Further, the screen flashes with a set of harmless-sounding instructions to follow.
   Deceitful Instructions
   Instructions in the given screenshot look innocuous and harmless to a naive user. However, those are steps needed to run/execute the code:

6. Press the Windows key + R to open the Run dialog

7. Press Ctrl + V for pasting malicious code present on the clipboard

8. Press Enter for Execution of the code

These are simple steps, the consequence of following which may lead to the installation of trojans or other malware on the user’s system.

Why Is This Scam So Effective?

There are a number of reasons this scam is effective:

Familiarity Breeds Trust

Users are accustomed to seeing and working with CAPTCHA screens. The fake one looks enough like the real deal that it doesn’t raise immediate suspicion.

Exploiting Technical Naivety

Most users don’t really appreciate the technical implications of what they are being told to do, so pressing a few keys seems harmless enough.

The Urge to Get to the Good Stuff

In most cases, the user wants to get to whatever is behind the CAPTCHA. Thus, their urge for access makes them susceptible to the instructions.

Abuse of System Features

The scam is intelligently designed to use legitimate Windows features, such as the Run dialog and clipboard, to deliver its malicious payload, thus making it difficult for security software to detect.

Who Is Most at Risk?

While tech-savvy individuals might spot the red flags in this scam, many users are vulnerable:

• Those unfamiliar with technical processes

• Users who are in a hurry and not paying close attention

• People who implicitly trust website instructions

• People who do not realize the potential implications of running unknown commands

How Can You Protect Yourself?

The best defense against this and other scams is awareness. Some tips for keeping safe are as follows:

Be Wary of Suspicious Instructions

If a CAPTCHA requests you to perform actions that seem unusual, different from the normal image recognition or text entry.

Never Execute Commands You Do Not Understand

Do not run commands or key combinations unless you understand what you are trying to accomplish.

Utilize Legitimate Security Software

Keep antivirus and anti-malware applications up to date in order to detect and block the threats.

Educate Thyself and Others

Learn the most common schemes and share with friends and family who are more vulnerable.

Verify the Source

Whenever possible, verify that the site you are on is legitimate before acting on any security pop-ups.

The Broader Cybersecurity Implications

This false CAPTCHA scam represents one frightening dimension of cybercrime: the exploitation of user trust in elements that are part of the ordinary web experience. It points to the need for increased user education about cybersecurity risks, more robust browser security features that can make clipboard manipulation impossible, and increased detection capabilities for security software.

The Role of Businesses in Protecting Users

Businesses utilizing CAPTCHA systems on their websites have a due diligence responsibility to ensure they are not unwittingly training users to fall victim to these scams. This may include:

• Utilizing known, reputable CAPTCHA services

• Informing users of what to expect in valid CAPTCHAs

• Employing additional layers of security that don’t wholly rely on user interaction

Stay Informed, Stay Safe

Cyber threats continue to evolve at an ever-increasing rate. As a company, BrainStomp is committed to keeping clients and the general public informed of current security risks and best practices. We invite you to contact us for more information about how to protect yourself and your business from emerging cyber threats. 

Our experts are ready at any moment to assist and establish effective security measures relevant to your needs. Never let cyber criminals exploit your trust; call BrainStomp today and take care of your digital security.