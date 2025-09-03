  1. Residential Customers
Anti-fraud method is being misused Why a harmless test is becoming a dangerous trap

Sven Ziegler

3.9.2025

Captchas are now themselves becoming a trap for fraud victims.
Zacharie Scheurer/dpa-tmn

A new online scam is luring users with a fake captcha that doesn't show a picture puzzle, but is designed to activate malicious code via a key combination - without anyone noticing.

03.09.2025, 14:04

03.09.2025, 14:49

No time? blue News summarizes for you

  • Users are lured to seemingly harmless pages via fake emails or manipulated websites
  • A captcha appears there that requests key combinations instead of images and activates malicious code in the process
  • Cybercrimepolice.ch warns: This method is new and unexpectedly dangerous
Captcha - the abbreviation stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It is a simple test designed to ensure that an action on the Internet is carried out by a human and not by a machine. Typical examples are picture puzzles or the typing of distorted sequences of letters.

But it is precisely this principle that criminals are exploiting. As the prevention platform Cybercrimepolice.ch warns, a new form of online fraud is currently emerging. Fake emails or manipulated websites are being used to lure users to seemingly harmless sites.

An alleged captcha appears there, but instead of requesting images, it asks for key combinations to open the Windows "Run" window (Windows + R).

Various tips on how to deal with it

It becomes dangerous because a code snippet has already been loaded unnoticed into the device's cache. Anyone who follows the prompts activates this code - and an attempt is made to download malware in the background.

The police advise users to consistently ignore suspicious emails, move them to the spam folder or forward them directly to the platform. "Captchas that require key combinations are unusual - there is often fraud behind them," the warning states.

Anyone who has already disclosed data should have the device checked by a specialist, change passwords and, in an emergency, file a criminal complaint with the police.

