Cybercriminals are using fake CAPTCHA challenges to trick users into running malicious code. These scams often appear on compromised or ad-supported websites, urging users to complete extra verification steps.
Once executed, this malware can steal passwords, session cookies and even cryptocurrency wallets.
Members of the Case Western Reserve University community are encouraged to look out for the following red flags:
- CAPTCHAs in strange places: Legitimate CAPTCHAs appear on login or sign-up pages, not random pop-ups.
- Extra steps required: If a CAPTCHA asks you to press keys like Win + R, CTRL + V, or Enter, do not proceed.
- Suspicious URLs: Always verify you’re on a trusted website before interacting with a CAPTCHA.
- Website asking you to run commands: A legitimate site will never tell you to execute system commands.
Tips to stay safe include:
- Only complete CAPTCHAs on trusted websites.
- Never copy and paste commands from a CAPTCHA prompt.
- Keep your browser and operating system updated to prevent vulnerabilities.
If you have questions, contact askinfosec@case.edu. For immediate assistance, reach out to the Service Desk help@case.edu or 216.368.HELP (4357).