A warning has been issued to anyone who visits unknown websites and completes Captcha tests which are supposed to prove you’re human, as fake ones could give scammers your data
You must ensure you exercise caution when browsing online. Most of us know the basics when it comes to online safety, and we’d never dream of giving our passwords out to anyone who asks, or putting our payment information into a website that seems a little bit sketchy.
But as people get more internet savvy, hackers and scammers have begun to get more sneaky. One woman on TikTok is urging people to be careful with any unfamiliar website they visit on their phone or laptop, as a “very clever” new scam could see hackers gain your personal data and potentially even the money in your bank account if you’re not careful.
The video, shared by a shopping and thrifting expert named Caroline, talked about a type of scam known as a “CAPTCHA scam”, as it spoofs a fake version of the CAPTCHA tests that are common on many websites.
Almost all of us will have seen a CAPTCHA test before. It stands for “Completely Automated Public Turing test to tell Humans and Computers Apart”, and they’re designed to stop bots from accessing websites. They sometimes just ask you to tick a box to prove you’re human, but sometimes, they’re more complicated, asking you to highlight all the pictures with a cat in them or to slide a puzzle piece into the right place.
But according to Caroline’s video, these CAPTCHA tests are being faked by scammers to try and lure people into completing them. Instead of asking you to click on pictures, the test will ask you to input a series of commands into your computer, which could then install a virus known as malware.
Depending on the scam and the software installed by the fake CAPTCHA, hackers could be able to remotely access your device using the virus you unknowingly installed. This will give them access to all the data on your computer, potentially including banking information – meaning they could steal your cash in the worst circumstances.
Caroline said: “In the fake CAPTCHA that’s going around, it will ask you to complete a certain set of instructions, such as pressing keys in a particular order. If you do complete these commands, then malicious software can be downloaded onto your device – otherwise known as malware.
“This can then be used by hackers to steal your data and your money. So be sure to be on high alert every time you see one of these CAPTCHAs, and never complete a set of commands or instructions such as pressing particular keys.”
A real CAPTCHA test will never ask you for personal information or ask you to input any data into your computer. While they can look different, they will always be simple pattern tests, such as selecting images, rotating images, or sliding puzzle pieces.
Commenters on the video thanked Caroline for bringing the scam to light, as many had no idea it existed. They also said they would be sharing her video with people who don’t use TikTok, especially older people who may be less tech-savvy and therefore more likely to fall victim to these scams.
One person said: “I wish I’d seen this sooner! I fell for one earlier this year, and my laptop still hasn’t recovered.”
Another added: “Thank you for this, it’s crazy how many scams are going around these days.”
A third wrote: “I appreciate the information. Really wish I could download the video to send it around to people who don’t have TikTok, like my parents, for example.”
Top tips for staying secure online
The National Cyber Security Centre (NCSC) has helpful information on its website that can help keep you and your family safe when browsing the internet, including how to make passwords secure and how to keep hold of your data. Some important tips they recommend include:
- Use a strong and separate password for your email. You should avoid using the same password for any two websites, but your email password should absolutely never be used again. If your password appears in a data leak on another site, hackers could use it to access your email and any accounts associated with it.
- Install the latest software updates. Software and app updates often contain vital security updates that help to protect your devices from cyber criminals.
- Turn on 2-step verification. This can help protect your online accounts, as it will send a text message or an email with a code in it whenever you or someone else tries to access your account. While you’ll be able to input the code when the login attempt is genuine, hackers will be unsuccessful.
- Use a password manager. Passwords should never be easy to guess, and the strongest passwords are the ones that even you can’t remember because they’re a random string of letters and numbers. Using a password manager can help you create and store passwords securely.
- Backing up your data. Safeguard your most important data, such as photos and key documents, by backing them up to an external hard drive or cloud-based storage system. This means you can always access it no matter what happens to your device.
