1. Fast Facts About the Fake Captcha Attacks

1. The fake captcha attack tricks people into running malware on their devices to 'prove' they are human.
2. It relies on social engineering in a way we haven't seen before.
3. The countries primarily affected were Italy, Argentina, Spain, and the Philippines, but it could happen anywhere.

2. How does a fake captcha attack or spam work?

To start, criminals can lure people to a compromised site through phishing, malvertising, or some other method. From there, they will be asked to verify they are human with a captcha. By hitting the button to get started, a script (basically, a string of commands telling your PC what to do) is silently pasted into your computer's clipboard. The captcha test asks users to open up the Run window on their computer, paste the script that was put on their clipboard, and run it. Then the script starts to download malware.

To summarize it; It tricks you into manually infecting your device with malware. 

3. How can you stay safe from a captcha attack?

1. First of all, you can only get into this situation if you go to a compromised webpage. Always be careful when clicking on links or ads online, especially if they come from suspicious emails.
2. Secondly, your computer's run function is a powerful tool best used by people who know what they are doing. If anyone or anything ever asks you to run a script, a good rule of thumb is to just say no.
3. Third, if captcha tests ask you to prove you are human by doing something a bot could very easily do, it is probably not a very trustworthy captcha test.
4. Finally, you should be wary of anything that is being put into your computer's clipboard without your knowledge or consent. If you paste and you don't recognize or remember what you are looking at, you should delete it and run an antivirus scan, just in case.