The Office of Information Security has observed a trend in which criminals create fake CAPTCHA pages to trick users into copying malicious code into their computer. To protect yourself, do not paste material into your computer.
When a victim clicks the ‘I’m not a robot’ box, verification steps are presented.
Completing these steps triggers a process that downloads malicious software.
By pasting code from a fake CAPTCHA into your computer, attackers can install programs to steal your information, damage your data, or break your device. If you believe you are a victim of this scam, please call the service desk at 314-933-3333, email us at [email protected], or fill out our incident response form. It is always best to be cautious and report anything remotely suspicious.
Further Reading
Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA | Qualys Security Blog