CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” The technology was developed to help prevent bot-related fraud on internet sites and has been effective for more than a decade. The prompts are likely familiar to you by now: Type in the string of distorted characters. Which boxes have cars in them? Check the box if you are not a robot.
Now bad guys are using this familiar tool as part of phishing attempts to get at your information and your employer’s.
How It Works
Bad guys may target you to get information about you or your employer. They typically start with an email asking you to review a document or alerting you to a voicemail on what looks like your work phone system. Clicking the link or attachment will take you immediately to a fake CAPTCHA site.
The purpose of the fake CAPTCHA is to give the whole scam attempt a feeling of legitimacy and gain your trust. After passing the test, you’ll be taken to the scam website, which asks for login credentials for accounts, email, productivity software and/or collaboration tools.
If bad guys are successful, they will have full access to those accounts and all the information within them.
What To Do
Since this is another take on email phishing, the same rules apply:
- Keep your guard up and be suspicious of any email asking you to take action. Phishing emails often demand an immediate response or action.
- Double check the sender. Make sure you know who it is and that the address is correct. Bad guys often use slightly different addresses to try to fool you.
- Don’t click on any links and don’t respond to the message. If you think you know the sender, reach out to the person another way to confirm the email is legitimate. If you trust the email, review the link destination before clicking to confirm it goes to the website you expect.
- If you do click or open something suspicious, immediately contact your IT department or the company that manages the account. They will be able to provide next steps to verify the email or help protect your information.