Artyom Sheikin, Deputy Chairman of the Council for the Development of the Digital Economy under the Federation Council, warned about a growing scheme of data theft through fake Captcha. Unlike a standard check where users need to select images, this scheme prompts the user to open an additional window and confirm the launch of a program. The scheme works flawlessly: Captcha verification has long been perceived as a routine formality.
Technically, the attack is based on imitating a familiar interface. Instead of selecting "traffic lights," the victim is instructed to press certain keys and confirm the execution of code. The user, thinking they are undergoing verification, personally activates a malicious program that gains access to saved passwords, accounts, and banking information.
A real Captcha never requires opening new windows, pressing key combinations, or launching anything on the computer. If a "check" suggests performing such actions, it is an attempt at infection, and the page must be closed immediately.
Комментарии