What The Tech: Beware of a new “CAPTCHA” scam
BY JAMEY TUCKER, Consumer Tech Reporter
A new scam is making the rounds online, and it’s a sneaky one. It looks like something you’ve probably clicked hundreds of times without thinking… a CAPTCHA test. But this version can quietly steal your personal information and give criminals access to your accounts.
According to the Identity Theft Resource Center, scammers are now creating fake CAPTCHA pages designed to trick users into infecting their own computers.
Here’s how it works.
You land on a website and see a familiar prompt: “Click to verify you’re human.” Nothing unusual there. But when you click it, instead of continuing, an error message pops up. Then it tells you to fix the issue by pressing a series of keys on your keyboard. Typically something like:
Windows key + R
Ctrl + V
Then press Enter
It may look like harmless troubleshooting steps. It’s not. What you’re actually doing is running a command that installs malware on your computer. One of the programs being used in these scams is called StealC, a type of information-stealing malware.
Once it’s installed, it can collect sensitive data including saved passwords, email logins, browser history, and even access to things like cryptocurrency wallets and gaming accounts. The most troubling part is that because you triggered the command yourself, your computer may not immediately recognize it as a threat. You could go days or weeks without realizing
anything is wrong, until you notice unusual charges or get locked out of your accounts.
So how do you protect yourself?
First, remember this: no legitimate website will ever ask you to open a run box, paste commands, or press random key combinations to verify anything.
If you see instructions like that, close the tab immediately. Don’t click anything else on the page.
If you think you may have already followed those steps, disconnect your computer from the internet right away. Then run a full security scan using antivirus software. It’s also a good idea to start monitoring your bank and credit card statements for any unusual activity and consider changing your passwords, especially for email and financial accounts.
This scam doesn’t break into your computer the traditional way. It tricks you into opening the door. And that’s what makes it so effective.
