Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) is a security measure verifying a user is human and not a computer. You’ve seen these boxes you need to click to confirm “I am not a robot”. However, Cybercriminals increasingly use fake Captcha pages to trick users into downloading malware. These deceptive pages often appear when visiting compromised websites or through phishing links. They may prompt you to download a supposed “verification” file—often laced with malware.
What to watch for:
- Unusual Captcha behavior – real Captchas don’t ask you to download files. If one does, it’s a scam.
- Mismatched branding – look for inconsistencies in logos, fonts, or URLs or webpage structures.
- Unexpected redirects – if Captcha leads you to a random download, exit immediately.
By staying vigilant and following these tips, you can protect yourself from falling victim to malware hidden in CAPTCHA pages. Stay safe online!
The Cybersecurity Tip of the Week has moved to Tuesdays! Come back every week for a new tip. If you’ve missed some, are new to the university, or want to search for a tip on a certain topic, these are all stored in our Tip Archive.