Last updated on September 2nd, 2023 at 02:17 pm
A few months ago, I tried to log in to one of my online accounts and was stopped by a weird test to prove I was human. Instead of the usual tasks of checking a box or picking out all traffic lights in a photo, this test, or CAPTCHA as they’re called, told me to “Click allow if you are not a robot.” As it turns out, this wasn’t a legitimate CAPTCHA, but a scam!
Had I clicked “allow,” I would have been giving a malicious site permission to send annoying and potentially dangerous notifications to my browser. Online posts by people who have fallen victim to this kind of scam often report receiving false claims that their device is infected with multiple viruses, for example.
Fortunately, there were three big warning signs this CAPTCHA was sketchy:
- The instruction to click “allow” was not like other CAPTCHAs, which ask you to click a check box or pick out items in a photograph.
- The fake CAPTCHA popped up in a new tab and was on a completely different (and spammy-sounding) domain compared to the legitimate site I had been visiting when it appeared.
- Although the text of the fake CAPTCHA page appeared to be in English, Edge asked if I wanted to translate the page from Russian.
With all those warning signs, I did not click “allow” and quickly closed the page instead.
What to do if you click allow
If you’re faced with a similar CAPTCHA and click “allow,” try not to panic. You will start receiving browser notifications, but these can be turned off. Just make sure you don’t click any notifications that come through before you revoke the malicious site’s permission to send them to you.
Below we’ll see how to turn off notifications for a malicious site in Chrome, Edge and Firefox.
How to stop notifications in Chrome:
- Click on the three dots in the top right of Chrome.
- Select “Settings.”
- Click “Privacy and security.”
- Head to “Site settings.”
- Scroll down to “Permissions,” then click on “Notifications.”
- Find the site sending the malicious notifications under “Allowed to send notifications,” click the three dots next to it, and click “Remove.” (If you’re not sure which site it is, remove any that you don’t recognize.)
How to stop notifications in Edge:
- Click on the three dots in the top right-hand corner of Edge.
- Select “Settings.”
- Click “Cookies and site permissions.”
- Select “Notifications.”
- Under “Allow” you’ll find the list of sites that can send you notifications. Find the malicious one (or any you don’t want to receive notifications from), click the three dots and select “Remove.”
How to stop notifications in Firefox:
- Click on the three lines in the top right of Firefox.
- Select “Settings.”
- Click “Privacy and security.”
- Find the “Permissions” section.
- Find the “Notifications” permission and select “Settings” next to it.
- Select the malicious website (or any you no longer want to receive notifications from) and hit “Remove.”
- Save your settings.
Once that’s done, the notifications should stop. You may also want to scan your device with a reputable anti-malware program to make sure nothing nasty got through.
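If you'd rather check from a script than click through the menus, the same list of allowed sites can be read straight from a Chrome or Edge profile. This is an added example, not part of the original post: it assumes the Chromium `Preferences` JSON layout (`profile.content_settings.exceptions.notifications`, where a `setting` of 1 means allow), covers Chrome and Edge only, and uses constructed sample data with placeholder `.example` domains.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

ALLOW = 1  # Chromium content-setting value: 1 = allow, 2 = block
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # base of last_modified


def allowed_notification_sites(prefs):
    """Return [(origin, granted_at or None)] for sites allowed to notify, newest first."""
    exceptions = (prefs.get("profile", {}).get("content_settings", {})
                  .get("exceptions", {}).get("notifications", {}))
    found = []
    for pattern, entry in exceptions.items():
        if not isinstance(entry, dict) or entry.get("setting") != ALLOW:
            continue  # blocked or malformed entries are not a concern here
        origin = pattern.split(",")[0]  # key looks like "https://site:443,*"
        try:
            # last_modified is microseconds since 1601-01-01 UTC, stored as a string
            granted = WEBKIT_EPOCH + timedelta(microseconds=int(entry["last_modified"]))
        except (KeyError, TypeError, ValueError, OverflowError):
            granted = None  # no usable timestamp; still report the site
        found.append((origin, granted))
    return sorted(found, key=lambda item: item[1] or WEBKIT_EPOCH, reverse=True)


# Constructed sample data (not from a real profile); .example domains are placeholders.
SAMPLE_PREFS = {"profile": {"content_settings": {"exceptions": {"notifications": {
    "https://news.example:443,*": {"last_modified": "13300000000000000", "setting": 1},
    "https://verify-human.example:443,*": {"last_modified": "13338086400000000", "setting": 1},
    "https://ads.example:443,*": {"last_modified": "13338000000000000", "setting": 2},
    "https://old.example:443,*": {"setting": 1},
}}}}}

if __name__ == "__main__":
    # Pass the path to a profile's Preferences file, or run with no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            prefs = json.load(fh)
    else:
        prefs = SAMPLE_PREFS
    for origin, granted in allowed_notification_sites(prefs):
        when = granted.strftime("%Y-%m-%d") if granted else "unknown date"
        print(f"{origin}  allowed since {when}")
```

The script only reads the file; remove anything it flags through the browser's settings as described above, since a running browser can overwrite hand edits to `Preferences`.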
Why does this fake CAPTCHA pop up on legitimate sites?
The “Click allow if you are not a robot” fake CAPTCHA doesn’t just appear on sketchy websites–it can appear on legitimate ones, too.
The site I was trying to log in to when the scam CAPTCHA popped up was legitimate, but it had been hacked. In fact, the malicious code that had been added to the website was visible in the site’s header, as shown below.
I’m not a coder, so how do I know that code really is malicious? Because while researching the fake CAPTCHA, I came across a blog post from Sucuri explaining how WordPress sites had been hacked to display the “Click allow” scam. Sucuri’s post lists the malicious code, shown below, which is an exact match for the code displayed on the site I was visiting when the scam CAPTCHA appeared.
The takeaway
While CAPTCHAs are common, any that ask you to click “allow” are trying to trick you into subscribing to their malicious notifications. So, don’t click allow if you are not a robot!
I don’t know what this is all about?
This is an article about how you should not click the “Allow” button if you are asked to do so to prove you are not a robot. That’s because clicking “allow” will trigger spam notifications that can trick you into downloading malware. Let me know if you need more help!