New CAPTCHA Scams to Beware Of
There are new scams popping up in places you might not expect.
According to security experts at the Identity Theft Resource Center (ITRC), there’s been an uptick in what’s being called ‘CAPTCHA scams.’ This growing threat takes advantage of a simple checkbox that’s normally intended to differentiate between real users and bots.
Rather than actually protecting sites, these deceptive prompts aim to lure people into fraud or to introduce malware onto their devices.
When users land on a particular webpage—possibly via a misleading ad, a dubious download link, or even through pirated content—they are shown what seems to be a standard human verification test.
However, instead of merely clicking a checkbox or selecting an image, the site often asks users to undertake additional actions, like clicking “Allow” on a notification request or copying a command to run.
Once you click “Allow,” you might start receiving scam notifications, such as fake virus alerts or phishing attempts. In some cases, following these prompts can lead to the installation of malicious software.
It’s common for these websites to claim there’s an error, then suggest “easy” fixes involving key sequences, like pressing the Windows Key + R, Ctrl + V, and so on.
In those moments, the site might prompt you to paste a “script” created by the scammer into the command box that opens on your computer and execute it, leading to a virus download.
Unlike conventional phishing attacks, these CAPTCHA scams utilize compromised advertising networks or redirect chains that send users to harmful sites without any clear warning signs.
One reason many individuals fall victim to these scams is that the CAPTCHA prompts often appear at moments when users are in a hurry, reducing their vigilance.
Moreover, because fake CAPTCHAs resemble legitimate prompts, they typically don’t raise any flags.
Experts emphasize that genuine CAPTCHAs will never ask users to enable browser notifications, run commands, use keyboard shortcuts, or download extra software. If a site urges you to open a “Run” box or paste code, it is likely a scam.
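The rule above can be turned into a simple text check for a content filter or browser extension. The following is an added example, not code from the ITRC or the original article; the rule names, patterns, and sample page texts are constructed assumptions. It flags a page only when human-verification wording appears together with one of the requests a genuine CAPTCHA never makes.

```javascript
// Added example: heuristic check of visible page text for fake-CAPTCHA lures.
// Patterns and rule ids are illustrative assumptions, not a vetted signature set.
const CAPTCHA_CONTEXT =
  /(?:captcha|\bi['’]?m not a robot|\bverify (?:that )?you are (?:a )?human|\bhuman verification)\b/i;

// Requests the article says a genuine CAPTCHA will never make.
const LURE_RULES = [
  { id: "run-dialog", re: /\bwin(?:dows)?(?:\s+key)?\s*\+\s*r\b/i },
  { id: "paste-shortcut", re: /\bctrl\s*\+\s*v\b/i },
  { id: "notification-allow", re: /\b(?:click|press|tap)\s+["“']?allow\b/i },
  { id: "paste-command", re: /\b(?:copy|paste)\b[^.]{0,40}\b(?:command|code|script)\b/i },
  { id: "download-software", re: /\b(?:download|install)\b[^.]{0,40}\b(?:software|extension|app)\b/i },
];

function assessCaptchaPage(text) {
  // Collapse whitespace so instructions split across lines still match.
  const normalized = text.replace(/\s+/g, " ");
  const looksLikeCaptcha = CAPTCHA_CONTEXT.test(normalized);
  const hits = LURE_RULES.filter((rule) => rule.re.test(normalized)).map((rule) => rule.id);
  // Requiring both signals keeps ordinary keyboard how-to pages from being flagged.
  const verdict = looksLikeCaptcha && hits.length > 0 ? "likely-scam" : "no-match";
  return { looksLikeCaptcha, hits, verdict };
}

// Constructed sample page texts.
const SAMPLES = {
  fakeRun: "Verify you are human.\nVerification error: press Windows Key + R, then Ctrl + V and Enter to fix.",
  fakeNotify: "I'm not a robot. Click \"Allow\" to confirm you are not a bot.",
  genuine: "I'm not a robot. Select all images with traffic lights, then click Verify.",
  keyboardTip: "Keyboard tip: press Win+R to open Run, then Ctrl+V to paste.",
};

for (const [name, text] of Object.entries(SAMPLES)) {
  const result = assessCaptchaPage(text);
  console.log(name, result.verdict, result.hits.join(", ") || "-");
}
```

A match is a reason to close the page, not proof of malware; the pattern list covers only the lures described in this article.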
Consumers are advised to steer clear of dubious prompts and to promptly close any suspicious web pages.
Additionally, keeping your browser updated, using ad blockers, and managing notification permissions can help minimize exposure to these scams.
If you’ve already engaged with these prompts and suspect your computer may be compromised, the ITRC advises against panic but emphasizes taking quick action.
They recommend disconnecting from the internet—either by turning off your Wi-Fi or unplugging the internet cable—so that cybercriminals cannot transmit your data back to their servers.
Using another device, change passwords for any accounts that share similar credentials, and avoid using the same password across multiple accounts.
It’s also smart to conduct a full scan with a trustworthy antivirus program and keep an eye on your bank statements for any unfamiliar charges.
