You know those little puzzles that ask you to “click all the images with traffic lights” or “prove you’re not a robot”? They’re called CAPTCHAs, and they’re designed to help websites tell the difference between bots and real people.
But now, cyber criminals are turning this familiar security tool into a trap.
Fake CAPTCHA scams are becoming more common, and more convincing. These scams typically appear on compromised or malicious websites and mimic the look of real CAPTCHAs. When you click or complete the puzzle, malicious code is triggered in the background. This might redirect you to a scam website, prompt you to download malware, or even trick you into handing over personal information.
Because CAPTCHAs are so routine, we often complete them without thinking twice, and scammers know it. They use that automatic behaviour against us.
Red flags to watch for:
- You’re asked to complete a CAPTCHA before accessing any site content.
- The page shows a CAPTCHA but immediately redirects after completion.
- You’re asked to download a file or run something after solving the CAPTCHA.
- You’re redirected to unrelated or suspicious websites.
- The URL looks strange or doesn’t match what you expected.

How to protect yourself:
- Question anything unusual: If a site that doesn’t normally use CAPTCHAs suddenly does, especially with follow-up steps, it’s safest to close the tab.
- Don’t follow manual instructions: Legitimate CAPTCHAs won’t ask you to copy and paste code, run scripts, or download software.
- Keep your security software up to date: Good antivirus and browser protection can help block malicious code and alert you to risky sites.
- Clear your browser history and cache: If you think you may have interacted with a fake CAPTCHA, this is a good step to reduce any lingering risk.
Fake CAPTCHA scams are a reminder that even trusted tools can be weaponised when we’re not paying attention. The best defence? Stay alert and take a moment to pause before clicking.
For extra peace of mind, enrol in the free Cyber Wardens training program. It’s full of simple, actionable tips to help keep your business safe from dark web dangers and other cyber threats.