UK internet users are being urged to exercise extreme caution online after cybersecurity experts highlighted a sophisticated new scam involving fake Captcha tests. The deceptive scheme, designed to look like a legitimate human verification check, can lead to malware being installed on your device, potentially giving hackers access to your personal data and bank accounts.
How the 'Clever' Captcha Scam Works
The warning was amplified by shopping expert Caroline in a widely shared TikTok video. She detailed how scammers are creating counterfeit versions of the familiar Completely Automated Public Turing test to tell Computers and Humans Apart (Captcha). These tests are normally used by websites to block automated bots.
However, the fraudulent version operates differently. Instead of asking you to identify images or slide a puzzle piece, the fake Captcha will instruct you to input a specific series of keyboard commands. Caroline emphasised that completing these instructions can trigger the download of malicious software, or malware, onto your computer or phone.
The Dangerous Consequences for Victims
Once installed, this malware can grant cybercriminals remote access to your device. This access could allow them to steal sensitive information, including login credentials and banking details, putting your money at direct risk. The severity of the attack depends on the specific malware deployed by the scammer.
"In the fake Captcha that's going around, it will ask you to complete a certain set of instructions, such as pressing keys in a particular order," Caroline explained. "If you do complete these commands, then malicious software can be downloaded onto your device."
How to Spot a Fake Captcha Test
The key to staying safe is knowing what a genuine Captcha looks like. A real Captcha test will never ask you to input personal information or type keyboard commands. Legitimate tests are always simple visual or interactive puzzles. These can include:
- Selecting all images containing a specific object like a bus or traffic light.
- Rotating an image to the correct orientation.
- Sliding a puzzle piece into an empty space.
- Ticking a simple checkbox.
If you encounter a Captcha that deviates from this pattern, especially one requesting keyboard input, you should immediately close the webpage.
The video alert sparked concern online, with many commenters stating they were unaware of the scam. One user revealed, "I wish I'd seen this sooner! I fell for one earlier this year, and my laptop still hasn't recovered." Others pledged to share the warning, particularly with older relatives who may be less familiar with evolving online threats.
Essential Tips for Online Security
To bolster your defences beyond recognising this specific scam, the National Cyber Security Centre (NCSC) recommends several core practices:
- Use strong, separate passwords: Your email password should be unique and not reused elsewhere. Consider using a password manager to generate and store complex passwords securely.
- Turn on two-step verification (2SV): This adds a critical extra layer of security to your online accounts, typically by sending a code to your phone when a new login is attempted.
- Install software updates promptly: These updates often contain vital security patches that protect your devices from known vulnerabilities exploited by criminals.
- Back up your data regularly: Safeguard important files and photos by backing them up to an external drive or a cloud service. This ensures you can recover your information if your device is compromised.