For those of you who might be shopping online this holiday season (might?? haha), you will probably see a CAPTCHA – that “confirm that you are not a robot” puzzle with several pictures or parts of pictures that may or may not contain a: bicycle, train, bus, streetlight, or some other object that computer users are supposed to be able to recognize.
Of course, as with all technology, there is now a CAPTCA fraud. Here is more from the ALTA website:
- ——————————————-
- Original Message:
- Sent: 11/1/2024 9:01:00 AM
- From: Genady Vishnevetsky
- Subject: Security BUZZ – Beware of Fake CAPTCHA Pages!
- CAPTCHA pages, those annoying puzzles that ask you to identify traffic lights or crosswalks, are meant to protect websites from bots. However, cybercriminals have found yet another way to use CAPTCHA pages for malicious purposes.
- Researchers recently discovered a new campaign using a malicious program called Lumma Stealer, which is being spread through fake CAPTCHA pages. Lumma Stealer is a type of malware that steals sensitive information, such as passwords and cryptocurrency wallet data.
- These fake CAPTCHA pages are inserted into legitimate applications. When you click the “I’m not a robot” button and follow the verification steps, you might unknowingly download a malicious program known as Lumma Stealer to your device. This deceptive tactic is just one of the numerous strategies employed by cybercriminals to spread this type of malware. Lumma Stealer has been detected across a range of platforms, including popular social media sites like YouTube and Facebook, as well as in various online gaming environments.
- To protect yourself from Lumma Stealer and other malware threats, be cautious of suspicious CAPTCHA pages. If you encounter a CAPTCHA page that seems out of place or unusual, it is best to avoid interacting with it.
- Legitimate CAPTCHA pages are usually found on websites that require user verification, such as login or account creation pages
- Be cautious of CAPTCHA pages that appear on unexpected websites or in applications
- Always check the website’s URL to ensure it is legitimate
- Keep your software and operating system up to date to patch vulnerabilities that could be exploited by malware
And now, for something more fun involving CAPTCHA. There is a YouTube by a CAPTCHA photographer who describes her work. It’s FASCINATING! Check it out:
See Who Takes the Photos for CAPTCHA
“Every once in a while, you have to pass a CAPTCHA test to use something on the internet. This is supposed to prove you’re a human user, and not a robot or an algorithm trying to introduce spam, malware, or misinformation. Sure, we understand why these are sadly necessary, but they can be enraging. You may be instructed to check all boxes that contain a traffic light, for example, but they don’t tell us whether the pole holding it is included. Or the indicated object is too far away to see. Or you may miss a tiny corner. Bingo- you’ve been labeled as a ‘bot and cannot access what you came for. Requesting a different image may or may not improve your chances, but you get the feeling that just the request causes a bias against you. Who comes up with these things?
It takes an entire team, but the photographer is Landra Fontaine, who loves her job because she’s a sadist. And a trickster. A professional troll. You might even call her the scum of the earth. The next time you are confounded by a CAPTCHA, you will know who to blame. -via Laughing Squid”
YouTube: “The Woman Behind the CAPTCHA”
I had no idea there is an actual photographer for captchas – I always thought it was randomly selected images from google street view. How interesting!
I know! Can you imagine that as a job? I thought it was super interesting to hear her comments about how she selects the objects to photograph.
Wow, that is scary! Cops and robbers continues in the techosphere. Thank you so much for sharing this! No more online shopping haha.
Did you hear about the QR code scams? Fort Lauderdale was hit by someone posting troll QR parking code signs on their public parking meters which leads unsuspecting scanners to fraudulent sites that capture and steal their banking information.
Lot’s to look out for this holiday season.
Posting fake QR codes on parking signs? That’s just rude.
And that’s how I fell for my QR code scam – the hotel’s room service menu (see https://bbswords.com/dont-be-fooled-qr-codes/). I ignored the warning signs that asked me for my credit card information.
May everyone be safe this holiday season, physically AND electronically!!
Yikes! I missed that one.
Happy Holidays =}