You Might Have Fallen For This CAPTCHA Scam Without Realising — Here's What To Do Now

Security experts reveal how easy it is to get fooled by this scam and what to do if you think you've been targeted.

By now, you’ve likely run into a CAPTCHA, short for “Completely Automated Public Turing test to tell Computers and Humans Apart.” It’s a security tool designed to distinguish real people from bots interacting with a website.

You’ve likely seen it in the form of quick tasks like deciphering distorted text, identifying objects in images or simply checking the “I’m not a robot” box. These steps help websites prevent large-scale spam in comment sections, block bot-driven account creation and curb activities like ticket scalping.

But be aware: There’s a new scam disguised as a routine CAPTCHA. Instead of prompting users to check a simple “I’m not a robot” box, the fake page walks you through a series of keyboard steps instead. Or, you might check the box and get prompted with an error message that instructs you to type a sequence to override it. It typically asks you to press Windows (or perhaps Command, if using a Mac) R, then Ctrl V, then Enter. This allows hackers on the other end to access your device.

Known in cybersecurity circles as a “ClickFix” attack, the emerging scam puts a familiar online security step to use in a deceptive twist. Instead of attackers trying to force their way into your operating system from the outside by exploiting software vulnerabilities or passwords, this tactic relies on getting users to unknowingly hand over access from the inside.

“When you........

© HuffPost