
Beware of Fake CAPTCHAs and Error Message Scams!

This alert is intended for all Duke Community members. Please share as appropriate.
 

Summary

Threat actors are distributing malware through fake CAPTCHA tests and social media to trick users into executing malicious code on their device. This code downloads and executes malware from a malicious site, stealing passwords, cookies, cryptocurrency wallet details, and other personal and financial info. 

Problem

A fake CAPTCHA is a scam designed to look like a legitimate CAPTCHA security challenge. Its purpose is to trick users into executing malicious code on their device, which can lead to malware infections and data theft.

Threats

Below are some examples of fake CAPTCHAs, which ask the user to scan a QR code or to copy text to the clipboard and paste it into a terminal.

Examples of Fake CAPTCHAs
[Image: Fake CAPTCHA asking user to copy and paste text into the Mac terminal to verify they are not a robot.]
[Image: Fake CAPTCHA asking user to copy and paste text into the Windows terminal to verify they are not a robot.]
[Image: Fake CAPTCHA asking user to copy and paste text into the Linux Run Dialog to verify they are not a robot.]
[Image: Fake CAPTCHA asking user to scan a QR code to verify they are not a robot.]

Fake error messages have also been used to trick users:

Examples of Fake Error Messages
[Image: Fake error message in Chrome browser asking a user to copy and paste text into the Windows terminal to verify they are not a robot.]
[Image: Fake error message in Firefox browser asking a user to copy and paste text into the Windows terminal to verify they are not a robot.]

HOW WE PROTECT DUKE

  • Be cautious of suspicious CAPTCHA pages or error messages.
  • Avoid interacting with CAPTCHA pages or error messages that seem out of place or unusual.
  • Never execute Terminal commands prompted by websites through CAPTCHAs, error messages, or other verification interfaces.
  • Keep your software and apps up to date.

IF YOU SPOT ONE

  • Take a screenshot of the CAPTCHA or error message and report the page you were visiting, along with any additional steps you may have taken, to security@duke.edu.
  • If you got to the site by clicking a link in an email, use the “report message” button.
