Fake CAPTCHA on the Rise

Published On: March 21st, 2025 | Categories: Blog

Over the past few weeks, we’ve seen a significant increase in one specific type of cyberattack. Known as a Fake CAPTCHA, it poses a serious threat to your websites and visitors. Many dealership websites have experienced this attack, in which victims are tricked into performing keystrokes that execute harmful commands without their knowledge.

The fallout can be brutal, but the attack is easy to prevent if you know what to look out for.

 

How does it work?

The process begins by asking the user to click an “I am not a robot” checkbox. Clicking this box saves a malicious command onto the device’s clipboard without the user’s knowledge. From here, the Fake CAPTCHA asks the user to perform three specific keystrokes:

  1. Windows + R: Opens the “Run Dialog” box.
  2. CTRL + V: Pastes the malicious command from your clipboard.
  3. Enter: Runs the command and triggers the attack.

The malware involved is a “loader” that downloads additional threats. These could include an infostealer (which steals browser passwords) or a remote access trojan (which allows attackers to control your system). A high-quality Endpoint Detection and Response (EDR) tool should block it.

 

How do you stay safe?

To protect not only yourself, but your team and your customers, follow these recommendations:

Adopt Caution

If something looks off or out-of-the-norm, don’t ignore your intuition! Be wary when a CAPTCHA is asking for keystrokes instead of selecting images.

Stranger Danger

Just as you wouldn’t give blind trust to a stranger on the street, make sure you know the source asking this of you. Never execute commands from an unknown or untrusted party.

Trust Your Gut

You may be noticing a theme, but it’s undeniably important. If you’re unsure about the situation, it never hurts to report it to your IT team.

Go Far with EDR

As we mentioned earlier, a high-quality EDR tool should block this type of attack before you even have the chance to see it.

 

What if an attack happens?

If you or any of your employees at the dealership encounter this attack, follow these steps:

  1. DO NOT follow on-screen instructions to press keys.
  2. CLOSE the affected browser tab.
  3. CLEAR YOUR WEB BROWSER’S CACHE (usually referred to as “Delete Browsing Data” in your browser’s settings).
  4. REPORT the issue to your IT/security team and to your website provider.

If this type of attack is something you’ve encountered, we strongly recommend that you change your passwords immediately. It wouldn’t hurt to ensure that your PC is scanned for the malware by a reputable EDR tool, either.
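For the IT team handling such a report, here is one way to check whether a pasted command was actually run. Windows keeps a per-user history of what was entered in the Windows + R dialog under the `RunMRU` registry key. This is an added example, not part of the original post; the matching rules and the sample values are assumptions made for illustration.

```python
import re
import sys

RUNMRU_PATH = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Assumed heuristics, not from the article: ordinary Run-dialog use rarely
# starts a script interpreter with arguments or embeds a web address.
HEURISTICS = {
    "script interpreter with arguments": re.compile(
        r'(?:^|[\\/\s"])(?:powershell|pwsh|mshta|cmd|wscript|cscript)(?:\.exe)?"?\s+\S', re.I),
    "references a URL": re.compile(r"https?://", re.I),
}

# Constructed sample shaped like the key's values; the flagged entry is a harmless echo.
SAMPLE = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "cmd\\1",
    "c": "cmd /c echo constructed-sample https://example.invalid/\\1",
}

def ordered_entries(values):
    """Return the stored commands newest first, following MRUList when present."""
    names = [n for n in values.get("MRUList", "") if n in values]
    names = names or sorted(k for k in values if k != "MRUList")
    # Explorer appends a literal "\1" to each stored command; strip it.
    return [re.sub(r"\\1$", "", values[n]) for n in names]

def triage(values):
    """Return (command, reasons) for each entry that matches a heuristic."""
    findings = []
    for command in ordered_entries(values):
        reasons = [why for why, rx in HEURISTICS.items() if rx.search(command)]
        if reasons:
            findings.append((command, reasons))
    return findings

def read_runmru():
    """Read the current user's Run-dialog history from the registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU_PATH) as key:
        count = winreg.QueryInfoKey(key)[1]
        return dict(winreg.EnumValue(key, i)[:2] for i in range(count))

if __name__ == "__main__":
    values = read_runmru() if sys.platform == "win32" else SAMPLE
    for command, reasons in triage(values):
        print(f"REVIEW: {command!r} ({', '.join(reasons)})")
```

Run it as the affected user, since the history is stored per user. An empty result does not prove that nothing was executed, so it complements the EDR scan rather than replacing it.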

 

Your security is our number one priority. Please share these tips with your employees, especially the ones frequently accessing dealership websites and checking vehicle inventories. If you have any questions or need further assistance, don’t hesitate to reach out.
