The Naperville Police Department is warning residents to be wary of CAPTCHA scams. The department shared information from the Federal Trade Commission on the topic in a Facebook post on Thursday.
Identifying the scam
The FTC says a new phishing scam uses what look like CAPTCHA requests, which are used to prove users are not robots on many sites.
Real CAPTCHA tasks are image- or text-based, asking users to do tasks like matching pictures of traffic lights or typing in a series of letters and numbers as they appear.
CAPTCHA scams request users to input a series of commands such as “Windows + R,” then “Ctrl + V,” and “Enter.” This set of commands leads to a pop-up that looks like a security verification, but it instead pastes and runs hidden malware on your device. Scammers use the malware to steal personal information such as bank credentials and login data.
Real CAPTCHA requests, the FTC said, will not request a user to run these types of commands.
How to protect yourself
The FTC advises those who fear that they may have downloaded hidden malware due to this scam to quickly disconnect from the internet to block scammers from accessing the device.
Users should next run a security scan on their device to check for malware and keep software up to date.
Finally, change the password and enable two-factor authentication with another device if a hacker already has access to the account.
Report phishing scams
Any suspicious CAPTCHA requests or pop-ups that appear to be spreading malware should be reported to the FTC.
If you have a story idea, we want to hear from you!
