With cyber-attacks at an all-time high – and growing – one method many websites use to keep hackers out is CAPTCHA.
CAPTCHA is a security verification process that stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.”
Yes, it’s a mouthful.
It requires humans to enter information, and websites use it to make sure that robots aren’t using their website.
And CAPTCHA is all over the internet – from blogs, to ticket websites, to shopping checkouts.
But hackers have also used CAPTCHA as a tool to trick victims into downloading viruses.
Microsoft’s Security Intelligence team recently identified a hacking campaign involving CAPTCHA.
The cybercriminal group Chimborazo was using CAPTCHA to hack into computers.
The way it worked was the hackers redirected certain websites to a Google reCAPTCHA.
When the user solved the CAPTCHA puzzle, it triggered a download of a virus.
In turn, this infected the victim’s computer with the password-stealing Trojan.
Usually, virus detectors examine files for dangerous code, drivers, libraries, and so on.
But requiring CAPTCHA means the virus scanner only works after the CAPTCHA.
And by the time that’s done, the bad file has already been downloaded.
So, having users complete the CAPTCHA allowed hackers to bypass the analysis the security programs use.
The key behind CAPTCHA is that only humans can decipher them.
But hackers make them seem authentic to trick people into completing fake CAPTCHAs.
And as more companies increase security by using CAPTCHA, hackers are finding more ways to override them.
So, here are a few ways you can protect yourself from a malicious CAPTCHA.
Survey scams are a growing problem.
People want to be a part of surveys and share their opinion, so hackers like to use surveys to target victims.
But surveys often require a CAPTCHA.
Even legitimate surveys want to make sure that the person completing the survey is a human and not a robot.
But hackers also use surveys and CAPTCHA, so it’s best to avoid unless they come from someone you trust.
For many cybercriminals, English is not their primary language, so hackers are known for their poor grammar and spelling.
If you notice any spelling or grammar errors in a CAPTCHA, you should avoid it.
Exit the website and do not enter any information.
When watching a video, you aren’t completing anything that needs human interaction.
If you are trying to view a video online and it requires CAPTCHA, this can be a red flag.
If a video asks you to fill out a CAPTCHA before viewing, you should avoid it.
Check your social media feeds:
If you complete a CAPTCHA and think it might be a virus, immediately check your social media.
Hackers will often steal the passwords to your social media accounts and then post on them.
For example, if you complete a fraudulent CAPTCHA, the hackers could post a link on your social media to entice your friends to click on the link.
Immediately reset your password and send a notice to all your friends to not open anything from you asking them to click on a link.
Today, CAPTCHA is being used in many places for security.
But the more it is used for security, the more it will be tested and manipulated by cybercriminals.
Use these tips to help keep you safe.