Skip to content
The Nexus
Scam alertFederal Trade CommissionConsumers

How to spot a CAPTCHA scam

Scammers send fake CAPTCHA requests that look like real ones to trick you into installing malware on your device.

Forward this
Published: Jun 8 · 16:00 UTC
How this scam works

You receive a message or see an ad with what appears to be a standard CAPTCHA, asking you to verify you are not a robot by typing characters or selecting images. Instead of protecting your account, clicking or completing the fake CAPTCHA downloads malware onto your computer or phone. The scammers use the familiarity of real CAPTCHAs to lower your guard.

Red flags to watch for
  • CAPTCHA appears in an unexpected place like a text message or ad
  • You did not initiate a login or verification request
  • Your device begins acting slow after completing the task
  • The CAPTCHA URL does not match the real website you thought you were accessing
  • Clicking prompts a download rather than confirming your identity
What to do

Do not complete CAPTCHA requests that arrive unsolicited via text, email, or ads. If you see a CAPTCHA on a website, verify the URL in your browser address bar matches the real company name before proceeding. If you already completed a suspicious CAPTCHA and something was downloaded, run an antivirus scan immediately and consider changing passwords for important accounts from a different device.

Scam type
Original advisoryFederal Trade Commission

https://consumer.ftc.gov/consumer-alerts/2026/06/how-spot-captcha-scam

How to spot a CAPTCHA scam · Grift scam alert · The Nexus