🚨 Don’t fall for it: Cybercriminals are sending emails that lead to an “I am not a robot” CAPTCHA. Click the checkbox and you’ll see a prompt to press “Win + R,” which opens the command prompt on a Windows computer. Their final request: “Paste in this code.” It’s malware. The links can look like anything, so be on the lookout for this trick.
Don’t fall for it! Hackers are trying to get you to scam yourself
You’re pulling your hair out, trying to fix something on your computer. You Google it and find what looks like a helpful website or a tutorial with easy step-by-step instructions.
Phew, you’re finally solving your problem, but hold up! You’ve just walked into a “scam-yourself” attack. Cybercreeps use this clever strategy to trick you into compromising your tech so they don’t have to do the dirty work.
How bad is it?
Bad. Really bad. “Scam-yourself” attacks shot up 614% in the third quarter of this year alone. Lumma Stealer, the top data-stealing malware type that grabs banking info and browser extensions, spiked by 1,154%.
When something’s broken, our instinct is to rush and fix it as quickly as possible. Now, add to this the fact you’re going through the steps yourself so it feels like you’re in control. That’s exactly what makes these tricks so dangerous.
How they snag you
🤖 Fake CAPTCHA: You verify (“I’m not a robot”), then you’re asked to download a README file for instructions. Those instructions install malware.
▶️ YouTube tutorials: You click a download link in the description of a YouTube video that promises to fix your tech issue. You guessed it! It’s malware in disguise.
🌐 ClickFix scams: You copy and paste commands into your computer while following a step-by-step guide. Oops … You’ve commanded it to obey its new hacker overlords.
🛑 Phony updates: Quick! A pop-up says you need to install a security update right now! It’s malware pretending to be your app, operating system or browser.
How to protect yourself
These scammers are savvy, but you can outsmart them.
Which of these words isn’t part of the CAPTCHA acronym? Is it … A.) Completely, B.) Automated, C.) Turing or D.) Hackers?