Fake Captchas


Fake CAPTCHA attacks are a type of cyber threat where malicious actors create counterfeit CAPTCHA forms to deceive users. CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are typically used to differentiate between human users and automated bots. However, fake CAPTCHAs can be used to steal sensitive information, distribute malware, or perform other malicious activities.

Detecting Fake CAPTCHAs:

  1. Check the URL: Ensure the website URL is legitimate and matches the expected domain. Fake CAPTCHAs are often hosted on suspicious or slightly altered URLs.
  2. Look for HTTPS: Verify that the website uses HTTPS. Secure sites will have a padlock icon in the address bar.
  3. Examine the CAPTCHA: Authentic CAPTCHAs usually come from well-known providers like Google reCAPTCHA. If the CAPTCHA looks unusual or unfamiliar, it might be fake.
  4. Suspicious Behavior: Be wary of CAPTCHAs that ask for excessive personal information or seem out of place on the website.
  5. Out of Context: CAPTCHAs are typically used on login pages, registration forms, or comment sections. If you encounter a CAPTCHA in an unexpected place, it could be fake.
  6. Poor Quality: Fake CAPTCHAs might have spelling errors, low-quality images, or other signs of unprofessional design.

Steps to Take if You Encounter a Fake CAPTCHA:

  1. Do Not Interact: Avoid entering any information or clicking on any links within the fake CAPTCHA.
  2. Close the Browser: Immediately close the browser window or tab to prevent further interaction with the malicious site.
  3. Report: Report the suspicious website.
  • Take a screenshot of the CAPTCHA and report it to the USNH ET&S Cybersecurity Operations Team or contact your institution’s Enterprise Technology Help Desk for assistance.
  • Submitting a ticket via TeamDynamix - https://td.usnh.edu/TDClient/60/Portal/Requests/ServiceDet?ID=172
    • Include as much detail as possible
      • Who: Name of your device (if USNH managed)
      • When: Include the time and day
      • Where: Website in question
      • What: action(s) the suspected fake captcha asked you to take
      • Why: Include a brief statement on why this was suspicious
  • Contact your institutions respective Enterprise Technology Help Desk:
    • Keene State – 603-358-2525
    • Plymouth State – 603-535-2525
    • UNH/USNH – 603-862-2525
  • If you got to the site by clicking a link in an email, also forward the email to phishing.report@unh.edu
  • Send information to IT.Security@usnh.edu

Actions to Take Even if You Did Not Interact:

  1. Run a Security Scan: Use antivirus or anti-malware software to scan your device for any potential threats.
  2. Update Passwords: Consider updating passwords for accounts that might have been exposed to the fake CAPTCHA.
  3. Monitor Accounts: Keep an eye on your accounts for any unusual activity or unauthorized access. Report any suspicious activity.
  4. Educate Yourself: Stay informed about common cyber threats and best practices for online security.
  5. Report: Reporting the suspected fake captcha can help thwart attacker efforts and protect the USNH community. Report via the options listed in the section above.

Real Threats 

  • Clipboard Hijacking:
    • This type of fake CAPTCHA instructs the users to press certain keys (see below) and paste content from their clipboard “for verification”, which can execute malicious commands used to either give full access to your system via malware. 
    • Press Win + R (this opens the Run dialog box); 
    • Press CTRL + V (this pastes the line from the clipboard into the text field); 
    • Press Enter (this executes the code). 
  • Phishing CAPTCHA:
    • Fake CAPTCHAs embedded in phishing emails or PDFs can prompt users to enter sensitive information or download malware. Be suspicious of any CAPTCHA presented via attachment. 

How We Protect UNH 

ET&S installs CrowdStrike Falcon on all UNH-owned systems (Windows, macOS, and Linux operating systems, whether workstations or servers). Falcon administrators in ET&S use the Falcon console to investigate and remediate issues. 

In general, the best protection for your devices is this: keep your software and apps up-to-date, do not click suspicious links in email, do not open shared documents or email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. 

Categories