The Federal Trade Commission (FTC) is warning consumers about a new type of scam that exploits CAPTCHA verification systems—the familiar “I’m not a robot” checks used on legitimate
websites. Scammers are creating fake CAPTCHA screens that appear when you click on links in phishing emails, text messages, or compromised websites. Instead of verifying you’re human, these fake CAPTCHAs trick you into running malicious commands that can install malware, steal your personal information, or grant scammers access to your computer. The FTC notes that legitimate CAPTCHAs ask you to identify images, check a box, or solve a simple puzzle—they never ask you to press specific keyboard combinations like “Windows key + R” or to paste and run commands.
Red flags for CAPTCHA scams include unusual instructions that ask you to press certain keys, copy and paste text, or run commands in your computer’s system. Scammers may also create a sense of urgency, claiming you need to complete the CAPTCHA immediately to access important information, claim a prize, or verify your account. Once victims follow these fake instructions, they unknowingly execute code that can compromise their device, steal passwords and financial information, or give scammers remote access to their computer. The FTC advises being especially cautious with unexpected links and to close any webpage that presents a suspicious CAPTCHA request.
At MVSB, we’re committed to keeping our customers informed about evolving fraud tactics. If you’ve encountered a suspicious CAPTCHA or believe your computer may have been compromised, contact us immediately so we can help monitor your accounts for unusual activity and assist with securing your financial information. We recommend keeping your antivirus software updated, avoiding clicking on unexpected links, and reporting suspicious activity to the FTC at ReportFraud.ftc.gov. Our team is here to help—visit any MVSB branch or call us directly if you have questions about protecting yourself from online scams.
