We check the box without thinking even though it is the favorite playground of cybercriminals.
“Check that you are a human”, “I’m not a robot”, “A heart beats inside you”… These wordings appear on the home pages of many web pages. The goal? Stay away from automated systems known to create accounts aimed at generating spam. So, we click, we check and we validate without asking any questions. A boon for cybercriminals who take advantage of this lack of vigilance to steal confidential data. Fortunately, there is one key detail that helps detect these scams.
Indeed, fraudsters know that no one really analyzes a CAPTCHA, the name used for these control windows. This is why they reproduce the visual codes to perfection. Colors, text placement, icons, font… everything is designed to trigger our usual reflex. However, once the trap is closed, identifiers, photos, contacts and sensitive data are then resold on the dark web or used to usurp the person’s identity.
So how to recognize fake CAPTCHAs? These generally request suspicious actions instead of usual tasks such as image recognition or text entry. Indeed, most of the time, they instruct the user to click to verify their identity, then use Windows+R, Ctrl+V to paste a malicious command, and Enter to execute it. This command enables legitimate Windows tools to download malware from remote servers. To avoid triggering false CAPTCHA actions, it is therefore advisable to keep your operating system and navigation software up to date. Additionally, be sure to install an up-to-date security solution and an ad blocker. And finally, if you are asked to prove that you are human via a keyboard shortcut, there is a good chance that someone is trying to harm you.
As you will have understood, it is preferable to be extra vigilant when browsing the Internet, especially during the month of December. With the holidays approaching, many Internet users are making online purchases and mechanically clicking to the payment page. In short, some advice: keep your eyes peeled!
