
How It Really Happened: NINJIO Season 10, Episode 10 – The CAPTCHA Con

October 8, 2025

THE CAPTCHA CON

Security Topic: CAPTCHA Human Verification Threats

NINJIO Season 10: Episode 10
Emotional Susceptibility: Obedience
Tia Carrere returns as “Heidi,” who informs us about the emerging threat of fraudulent human verification CAPTCHA screens. Use of these fraudulent prompts by hackers has increased over 50% recently. The scheme relies on the ease with which people follow the steps in a CAPTCHA prompt without thoroughly thinking them through, mostly due to people’s sense of obedience. Attackers have deceived users into executing malicious commands that ultimately lead to the installation of malware.

Teachable Takeaways:

  • Bad actors have begun taking advantage of people’s sense of obedience through attacks that hide malicious elements in common experiences.
  • A CAPTCHA prompt that instructs you to run programs or execute commands should be treated as suspicious.
  • Use extra caution whenever you encounter a CAPTCHA prompt, especially if it’s a different experience from what you are used to.

 

Additional Reading

    1. Fake captcha attacks are increasing, say experts – CSO Online
    2. Think twice before you click: this captcha might steal your money – Cybernews
    3. From CAPTCHA to catastrophe: How fake verification pages are spreading malware – Cyberguy
    4. Fake CAPTCHA Malware Campaigns – New Jersey Cybersecurity & Communications Integration Cell
    5. Malicious ads push Lumma infostealer via fake CAPTCHA pages – BleepingComputer
