To err is human.

We’ll just leave it at that, for now.

Here’s what non-robots need to know: CAPTCHA scams are on the rise. (A big shout out to YouTube’s Digital Footprint and host Moreno Dizdarevic who initially raised the alarm regarding such scams.)

Now, you may not be familiar with the tech term CAPTCHA. Or maybe you’ve heard it mentioned but have no clue what it means. Regardless, you have 100% experienced it firsthand (and many, many times for that matter.).

For the record, CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.”

Catchy, that CAPTCHA.

We use this tool virtually every day as we navigate the web. Programmer Luis von Ahn devised the Internet-based test in the late 90s as a means to combat early hackers who were weaponizing bots to spam sites with debilitating links.

How many times have you attempted to visit a website and been asked to translate some distorted text, select all of the motorcycles in a photo grid, or rotate an on-screen graphic just so? That’s CAPTCHA. They’re meant to make sure there’s a human being at the helm, not a devious bot bent on identity theft or other mischief. CAPTCHAs are frequently frustrating. But for the longest time – they worked.

Well, the times, they are a-changing.

As hackers have evolved, even CAPTCHA has become a tool they twist for their gain. They’ve keyed into the fact that we humans have been conditioned to trust these little innocuous, albeit aggravating tests over the years. So, you know what they did? They disguised the hack as the CAPTCHA itself.

Devious, right?

These CAPTCHA scams initially appear above board but are followed by requests for the user to fill in text or enter commands. Some, Dizdarevic says, even redirect to sites that seamlessly mimic Google or bank logins. All it takes is a few unwise keystrokes, and the hackers can plague your machine with malware, or—worse—steal your personal and financial data.

Look, you’ve been a human for far too long to fall for this. But scammers and hackers are nothing if they’re not convincing. So, here’s what to watch for:

Number 1: CAPTCHAs do not appear at random. They are typically used as a precautionary measure when accessing a website, or when suspicious activity is detected. If one randomly appears on a blog or unrelated page out of the blue? That’s a red flag.

Number 2: Don’t trust CAPTCHAs on sites that lack a valid URL. If the website address doesn’t seem quite right, or slightly off from what you expected, don’t trust the CAPTCHA.

Number 3: CAPTCHAs are meant to differentiate between computers and humans. They DO NOT require your login information to do this. Don’t fall for it.

Number 4: Downloads? No, no, no. CAPTCHAs should never trigger downloads. If one does, close your tabs, and run, don’t walk, to a cybersecurity pro.

CAPTCHA scams are a special kind of sinister. We don’t see them coming because we tend to accept these online tests as part and parcel of our digital experience. Hey, we’re only human. The good news is, now that you know – you can look before you leap.

Any questions? We know our boats from our bridges and street signs (and we’re pretty good around websites, too). Give us a holler if you want to chat.