Fake Captcha code scams online bank users

Do you know how to recognize a fake Captcha code? This virus could steal all your data and damage your mobile or desktop device. Here's how to defend yourself.

Phishing can take many forms, ranging from fake emails from banks and Nigerian heirs to messages on WhatsApp about phantom Amazon packages waiting to be picked up. Lately, it also appears in the form of a fake Captcha, the system designed by Google that allows web portals to distinguish a real user from a bot and thus avoid DDoS attacks.

In recent weeks, this system has been exploited by a group of hackers as "psychological leverage". Thanks to the fake Captcha, users are convinced that they are browsing a trustworthy site and are ready to provide their personal information or download files from the email or webpage. The new scam is particularly insidious because the fake Captcha code is graphically very similar to Google's and therefore particularly convincing. The victims are users of online banks. Let's see in detail how it works and how to defend yourself.

Fake Captcha Code: How to Recognize the Online Scam

According to Sucuri experts, this phishing scheme was first used in Poland, but it cannot be ruled out that it has since spread to the rest of Europe and the world. In this case, the user receives an email in which he is asked to click on a link within the text. This type of scam, clicking on a link, is certainly nothing new in the field of phishing; what is unusual is the next step.

In fact, if the victim does not realize that the email is a scam and clicks on the link, he does not land on a page that looks exactly like the home page of the online bank, as is usually the case. Instead, the user is sent to a verification page, where he has to pass a Captcha test that is graphically very similar to the one used by Google.

The fake Captcha code shows the user the classic set of 9 photos and asks him to click only on those that depict buses. Once the test is passed, the user is apparently redirected to a 404 error page, but in reality the download of a malicious file begins. That file opens the door to the hackers and allows them to send other malware made to spy on the user's online activity.

Fake Captcha code scam reaches mobile

The fake Captcha code scam reaches Android mobile devices as well. Some samples of the malware have been uploaded to VirusTotal, so that they can be immediately recognized and users can be properly warned. The virus mainly affects smartphones where, once it gains access, it is able to read the location and contacts on the mobile device. Moreover, it can even send messages, make phone calls and steal sensitive information.