“Stop – Think – Don’t Click” is one of the standard pieces of advice when you are asked to click on links to unsolicited, unknown or dubious webpages, or when browsing the web in general. To paraphrase the words of Forrest Gump: “My momma always said, ‘[browsing the Internet is] like a box of chocolates. You never know what you're gonna get.’” Once again he is right. And here is a new twist in the way attackers try to dupe you into clicking on their malicious content… Captchas.
“Captchas” are a kind of online proof that you are a human being with human cognitive capabilities and not an automatic software algorithm (a so-called “bot”). Usually a Captcha verification asks you to copy a series of letters inside a distorted image, sometimes with the addition of an obscured sequence of letters or digits, or to identify a certain subset of photos within an array of many (“Select all pictures displaying cars”). In the age of the rise of artificial intelligence, big data and massive offices full of cheap office labour (in particular in third-world countries), one can start questioning how efficient and effective those Captcha verifications are, but for the attackers that is not the point. They just want you to click…
Their embedded Captcha dialog boxes look a bit different (see second screenshot). Once you click on them, your browser will pop up another window asking you for permission for the current website to be able to send notifications to you. And if you confirm, Captcha Gotcha. From that moment on, you will start seeing spam popups directly on your desktop even if your preferred web browser is closed. These can be ads for adult sites, online web games, fake software updates and unwanted programs...
Fortunately, notification permissions can easily be disabled again in the settings of any browser. In addition, you might want to consider improving your privacy when browsing the web (see our Bulletin article “Browsing securely and privately”). And, best of all: once more “Stop – Think – Don’t Click” when you are not sure where you are going: "Browsing the Internet is like a box of chocolates. You never know what you're gonna get."
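To find which sites currently hold that permission, the following added example (not part of the original article) lists the origins allowed to send notifications in a Chromium-based browser profile. It assumes the profile's `Preferences` JSON file keeps them under `profile.content_settings.exceptions.notifications` with `setting` 1 meaning "allow" and 2 meaning "block"; the function name and all hostnames in the sample are constructed for illustration.

```python
import json

# Chromium content-setting values (assumption stated above): 1 = allow, 2 = block.
ALLOW = 1

# Constructed sample of a Chromium "Preferences" file; hostnames are made up.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://captcha-check.example:443,*": {"setting": 1},
        "https://calendar.example:443,*": {"setting": 1},
        "https://news.example:443,*": {"setting": 2},
    }}}}
})


def allowed_notification_origins(preferences_text, trusted=()):
    """Return origins that may send notifications and are not in `trusted`."""
    node = json.loads(preferences_text)
    # Walk down to the notification exceptions; tolerate profiles without them.
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    if not isinstance(node, dict):
        return []
    findings = []
    for pattern, entry in node.items():
        if not isinstance(entry, dict) or entry.get("setting") != ALLOW:
            continue  # blocked or malformed entries are not a concern here
        origin = pattern.split(",", 1)[0]  # key format: "<origin>,<embedder>"
        if origin not in trusted:
            findings.append(origin)
    return sorted(findings)


if __name__ == "__main__":
    # Hypothetical allow-list of sites the user knowingly subscribed to.
    known_good = {"https://calendar.example:443"}
    for origin in allowed_notification_origins(SAMPLE_PREFERENCES, known_good):
        print("review notification permission for:", origin)
```

Any origin it reports that you do not recognise is a candidate for removal in the browser's notification settings.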
______
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.