As part of National Cybersecurity Awareness Month, Campus Technology Services (CTS) is covering new cybersecurity threats that have emerged this year. Today’s topic is CAPTCHA phishing.
When attempting to log in to a service or access some websites, you are sometimes required to pass a test to prove that you are human. These tests are called CAPTCHAs. They will often require you to enter a phrase or a series of numbers, or to select certain pictures. While inconvenient, they are an important part of verifying that a person accessing a digital resource is, in fact, a person.
CAPTCHA phishing is a new method being utilized by malicious actors to take advantage of how accustomed humans are to performing CAPTCHA tests.
CAPTCHA phishing attacks are typically performed on websites that look like the website you intended to go to. You may be guided to them via a bad web address or a malicious website redirect. Once you are there, the site will ask you to pass a CAPTCHA to access the website. The fake CAPTCHA test will ask you to copy a line of text and paste it into a command window on your computer. By doing this, you will be inadvertently installing malicious software on your computer. This software is often used to remotely access your computer and steal information.
To protect yourself from these attacks, follow these tips.
- Always check the web address of a website asking you to perform a login or CAPTCHA test. If it doesn’t look like the right address, don’t engage and close your browser.
- Never perform a CAPTCHA test that requires you to copy and paste text or access programs outside your web browser.
- Never engage with a CAPTCHA test that asks for too much information. A legitimate CAPTCHA test will never ask for sensitive or personal information.
If you believe you may have engaged with a fake CAPTCHA, please contact the CTS Help Desk.
-- Submitted by Campus Technology Services