Before you fill out a CAPTCHA form on a website, know a scammer could be behind it

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

The chances are good that you have come across a human authentication system online. In Google’s version, you are usually asked to point out things like cars, traffic lights or fire hydrants. Other websites might use the popular CAPTCHA test.

A word or a phrase is usually displayed in a strange font or typeface. This is done so that computers can’t “read” the letters, as only a human can decipher the code. Interestingly, Google acquired the reCAPTCHA deployment system in 2019.

Cybercriminals are now using the same technology to target potential victims. While the use of CAPTCHA as a scam delivery system isn’t new, the frequency of online deployment has increased. Here’s what to look out for, and how to stay safe.

Here’s the backstory

Visual puzzles aren’t the preferred method for scammers. But a recent report by Proofpoint showed that attacks using CAPTCHA increased by 50 times compared to last year. The technology itself isn’t the scam, but it lends more credibility to the overall scam.

Scams can be delivered through phishing emails or targeted attacks, and CAPTCHA ensures that the criminal targets a real person. It can also be used to determine where the victim is from.

Once the potential victim opens the phishing email, they might be asked to log into a website or service. To make it look more authentic, cybercriminals will insert a CAPTCHA verification. Some people will then assume that the resulting webpage is real, which it most certainly isn’t.

But why are more people falling for the CAPTCHA scam? It might have something to do with working from home.

“Remote workers may have been more distracted and cognitively taxed under the stresses of 2020. Perhaps some were even primed by new remote-work controls to see the CAPTCHA question as a normal security challenge,” the report explained.

Research also indicated that these attacks could have been linked to the Emotet botnet that caused havoc last year. A cybercriminal campaign sent out massive amounts of spam email, many of which often used world…