A new online scam is raising red flags, and it’s something nearly everyone has encountered while browsing the internet.
Cybersecurity experts are warning about fake CAPTCHA tests, the familiar “I am not a robot” verification boxes, now being used to trick users into downloading malware without realizing it.
How The Scam Works
According to the Identity Theft Resource Center, scammers are creating realistic-looking CAPTCHA pages that go far beyond simply clicking a box.
Instead, users are prompted to follow unusual keyboard instructions like pressing the Windows key and “R,” then “Ctrl + V,” and hitting Enter. While it may seem like part of the verification process, those steps actually run a hidden command on your computer.
View this post on Instagram
That command can install malware known as “StealC,” which is designed to quietly collect sensitive information like saved passwords, login credentials, and browser data.
Experts stress that legitimate CAPTCHA systems will never ask users to run commands or use keyboard shortcuts.
Local Businesses Also Seeing Scams
The growing threat isn’t just theoretical. Lafayette business owner Nidal Balbeisi recently warned fellow restaurant owners about an Uber Eats-related scam circulating locally.
It’s another reminder that scammers are targeting both individuals and businesses, often using familiar platforms and processes to gain trust quickly.
What You Should Do If You Encounter It
If you come across a CAPTCHA page asking for anything beyond clicking images or checking a box, close the page immediately…