Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is a type of security that verifies if a source is authentic or not. It is also used to prevent programmed attacks on websites.
However, cybercriminals have developed malicious CAPTCHA techniques to trick users and perform fraudulent activities. Understanding these threats are crucial for maintaining cybersecurity and protecting sensitive information. Let’s first look at what are normal CAPTCHA requests
Understanding these threats are crucial for maintaining cybersecurity and protecting sensitive information. Let’s first look at what are normal CAPTCHA requests.
Typical CAPTCHA activity:
- Text-Based CAPTCHA – Have you ever seen one of these when you are verifying a login or your account?Users are asked to identify distorted or warped letters and numbers and write them into a text box.
- Image Recognition CAPTCHA – Another normal request is when a user selects images that match a given prompt. For example, you might be asked to “Select all traffic lights” in an image.
- Checkbox CAPTCHA – A simple “I’m not a robot” checkbox is also used. This can analyze a user’s behavior to help verify their legitimacy.
- Math or Puzzle-Based CAPTCHA – Sometime, a verification may require solving a simple math problem or arranging puzzle pieces.
Now that you know what some typical CAPTCHA requests are, let’s look at some suspicious ones that should raise alarm.
Suspicious CAPTCHA activity:
- Unusual Requests –Legitimate CAPTCHAs will never ask for personal details like usernames, passwords, or payment information.
- Requests for Unusual Actions –Be wary of CAPTCHAs that ask you to perform system-level actions, like opening the Run box and entering specific commands or executing scripts.
- Unexpected CAPTCHA Requests –CAPTCHAs are usually placed on the login page or login form submission. It is not placed randomly around the website.
- Redirects and Pop-Ups –CAPTCHA systems do not lead to multiple redirects or intrusive pop-ups.
By following best practices, recognizing fraudulent CAPTCHAs, and taking immediate action if you encounter one, users can protect themselves from online threats.
If you experience a CAPTCHA on a website that exhibits suspicious behavior like the ones above or the situation just doesn’t seem right, workforce members should follow their suspicions. Contact the Help Desk at 615-343-HELP (3-4357) for assistance with resetting your password and notify the VUMC IT Security Operations Incident Response team of the activity.
