That “I’m Not A Robot” Box Could Be A Scam

Most of us have clicked the little “I’m not a robot” box without giving it a second thought. It’s a normal part of browsing online, whether you’re signing in, filling out a form, or making a purchase. Because it feels familiar, it’s easy to trust. However, scammers are now using fake CAPTCHA pages to take advantage of that trust.

These scam pages look like normal security checks, but instead of verifying that you’re human, they’re designed to trick you into infecting your own computer. After clicking the box, you may be told to complete a few “verification steps,” often involving a series of keyboard commands. While it may seem like part of the process, those commands can actually download malware onto your device.

Once installed, that malware can give scammers access to sensitive information like saved passwords, online banking credentials and personal data.

How CAPTCHA Scams Work 

1. A Familiar-Looking CAPTCHA Page Appears: You may land on a fake website or click a link that brings up what looks like a standard “I’m not a robot” verification box. Because the page looks legitimate, many people don’t think twice before clicking it.  
2. You’re Asked to Follow Keyboard Instructions: After clicking the box, the fake CAPTCHA may display step-by-step instructions telling you to press certain keys on your keyboard. For example, it may ask you to open the Run command on your computer, paste in a line of text, and press Enter to “complete verification.” These steps may look like part of the security process, but they are actually designed to run malicious code and install malware on your device.   
3. The Commands Install Malware: What you are actually doing is running malicious code on your own device. This can install malware that steals information, tracks activity, or gives scammers remote access to your computer.
4. Your Information Is Put at Risk: Once malware is installed, scammers may be able to capture usernames, passwords and other sensitive personal or financial information without you realizing it.

How to Protect Yourself

1. Be Suspicious of Extra Steps: A real CAPTCHA test will never ask you to press keyboard shortcuts, copy and paste commands, or open programs on your device. If you see instructions like that, it’s a scam.   
2. Stop Immediately if Something Feels Off: If a website asks you to complete unusual steps after clicking a CAPTCHA box, close the page right away. Do not continue entering information or following prompts.   
3. Use Trusted Security Software: Antivirus and browser security tools can help detect malicious websites and block harmful downloads before they can do damage.   
4. Verify Before You Act: If the CAPTCHA appeared while trying to access an account, go directly to the company’s official website instead of following prompts on a suspicious page.

Scammers are getting creative by making fake security checks look convincing, but the warning signs are there. If a CAPTCHA asks you to do anything beyond checking a box or selecting images, stop immediately. Knowing what to watch for can help protect your personal information and your finances.

If you think you may have inadvertently shared your personal information with a scammer, please reach out to us right away. You can call us at (805) 733-7600, visit your nearest branch, send a secure message through mobile or online banking, or use the phone number on the back of your debit or credit card.