Security Alerts • May 12, 2025

Be aware of fake CAPTCHA verification scams

An icon of a shield with an exclaimation mark.

NAU has observed an increase in fake CAPTCHA websites targeting members of our community.

Recently, NAU has observed a new type of cyberattack targeting the public, which has impacted members of the university, as well as our local community.

Many credible websites use a tool known as CAPTCHA to distinguish between real users and bots by asking you to enter text or select all correct images of a certain object. This new type of attack plays on this concept, but instead asks a user to run a snippet of code on their computer that contains malware.

These attacks will ask you to copy a section of code from a website and run it on your computer locally by pressing the Windows + R keys, and pasting in the malicious code. You can view an example of these attacks below.

A fake CAPTCHA verification prompt, asking a user to; "Press and hold the Windows Key + R. In the verification window, press Ctrl + V. Press Enter on your keyboard. Click the verify button below to finish."
An example of a fake CAPTCHA prompt.

If you come across or interact with a verification test that requests you do this, or a similar action, stop immediately and contact the ITS Service Desk.

Due to the impacts observed from these attacks, NAU is working toward technical solutions to reduce the risk and minimize their effect on the university community. In the coming days, ITS will make changes to the availability of certain features to help prevent our community from falling victim to these attacks.

If you have a question or concern about this notice, contact the ITS Service Desk.

 

Information Technology Services
Location
Building 54
Information Technology Services
1301 S. Knoles Drive
Flagstaff, AZ 86011
Mailing Address
PO Box 5100
Flagstaff, AZ 86011