Don’t Press Those Keys! How to Spot the New “Captcha Scam”

Summary
- Identity criminals are using realistic, fake CAPTCHA pages to scam Windows users into running malicious commands that download an information-stealer.
- The captcha scam instructs victims to press Windows Key + R, then Ctrl + V, then Enter — a sequence that pastes and runs a hidden command from the clipboard.
- Security researchers at LevelBlue say the info stealer (known as “StealC”) can harvest browser credentials, Outlook login data, Steam account info, crypto-wallet data and other sensitive items.
- Compromised or malicious web pages are being made to look like legitimate CAPTCHA security requests so the prompt appears routine and trustworthy.
- If you believe you’ve been scammed or exposed to malware, contact the Identity Theft Resource Center for free help and recovery support by text or phone (888.400.5530) or via live chat. Visit the ITRC to get started.
We’ve all seen them: those “CAPTCHA” boxes that ask you to click on pictures of traffic lights or crosswalks to prove you aren’t a robot. They’re a bit annoying, but we trust them to keep sites safe. Unfortunately, scammers are now using a convincing captcha scam to trick you into handing over the keys to your computer. Here is what you need to look out for to keep your information safe.
How the Captcha Scam Works
Usually, a security check just asks you to click a button. However, in this new “bait-and-switch” captcha scam, the webpage will tell you there’s an error and give you a few “simple” steps to fix it.
The page might ask you to press a specific sequence of keys on your keyboard (like the Windows Key + R, then Ctrl + V). Stop right there! By following those steps, you are actually telling your computer to:
- Open a hidden command box.
- Paste in a “script” (a set of invisible instructions) that the attacker wrote.
- Run that script, which downloads a virus onto your computer.
What is the “StealC” Virus?
The goal of this captcha scam is to get an information-stealing virus called StealC onto your machine. Think of StealC like a digital pickpocket. Once it’s inside, it quietly searches your computer for:
- Saved passwords and “cookies” from your web browser.
- Login info for your email (like Outlook) and accounts like Steam or crypto-wallets.
- Screenshots of what you’re doing and details about your computer.
Since you “authorized” the command by pressing those keys, your computer might not even realize it’s being robbed. You may not know until you start seeing weird charges on your credit cards or get locked out of your accounts.
How to Stay Safe
The most important rule of thumb is this: A legitimate website will never ask you to run a command or use a keyboard shortcut to prove that you are human.
- Close the Tab: If a site asks you to open a “Run” box or paste code, it’s a captcha scam. Close the window immediately.
- Go Direct: If you’re worried a site is blocked, don’t follow the links on the screen. Type the address directly into your browser yourself.
- Create a Passkey: If you are prompted to create a Passkey to log in to your accounts, do it! They are more secure than a password because they don’t require you to remember anything, and they aren’t subject to a data breach.
- Use MFA: Always turn on Multi-Factor Authentication (MFA). Even if a criminal steals your password, MFA acts like a second deadbolt on your door that they can’t unlock.
What to Do If You’ve Been Affected
If you followed those keyboard prompts and think your computer might be infected by a captcha scam, don’t panic—but act fast:
- Disconnect: Turn off your Wi-Fi or unplug your internet cable. This “cuts the line” so the criminal can’t send your data back to their server.
- Change Passwords: Using a different, clean device (like your phone), change the passwords for any account where you used the same or similar password. Also, don’t use the same password on more than one account.
- Scan for Viruses: Run a full scan with a trusted antivirus program.
- Watch Your Money: Check your bank statements for any charges you don’t recognize.
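For readers comfortable with PowerShell, here is a read-only check of the Windows Run box history, added as an example that is not part of the original article. Windows records commands launched from the Run box (Windows Key + R) under the current user's RunMRU registry key; the patterns and the 120-character threshold below are assumptions chosen for illustration.

```powershell
# Added example: review the Run dialog history for commands that were pasted in.
# Read-only: nothing is changed or deleted.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Heuristics (assumptions for this example, not taken from the article).
$checks = [ordered]@{
    'contains a web address'          = 'https?://'
    'starts a script or command tool' = '\b(powershell|pwsh|cmd|mshta|wscript|cscript|curl|certutil|bitsadmin|msiexec|rundll32|regsvr32)(\.exe)?\b'
    'unusually long for a Run entry'  = '^.{120,}'
}

function Test-RunEntry {
    param([string]$Command)
    # Collect the name of every heuristic the entry matches.
    $reasons = foreach ($name in $checks.Keys) {
        if ($Command -match $checks[$name]) { $name }
    }
    [pscustomobject]@{
        Command    = $Command
        Suspicious = [bool]$reasons
        Reasons    = ($reasons -join '; ')
    }
}

if (Test-Path $key) {
    $props = Get-ItemProperty -Path $key
    $order = [string]$props.MRUList   # e.g. "cba": most recent entry first

    $results = foreach ($letter in $order.ToCharArray()) {
        $raw = [string]$props."$letter"
        # Each stored entry ends with the marker "\1"; strip it before checking.
        Test-RunEntry -Command ($raw -replace '\\1$', '')
    }
    $results | Format-List Command, Suspicious, Reasons
}
else {
    Write-Output 'No Run dialog history found for this user.'
}
```

An entry marked suspicious that you do not remember typing is a reason to follow the steps above. An empty or clean history does not prove the computer is safe, because the history can be cleared.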
The ITRC Can Help
If you believe your identity or accounts have been affected by a captcha scam, contact the Identity Theft Resource Center (ITRC) for free, confidential guidance. Call or text toll-free at 888.400.5530 or use live chat on the ITRC website. Our advisors can help you plan the next steps to begin recovery.