Don’t Click ‘Allow’ If You Are Not a Robot

Last updated on September 2nd, 2023 at 02:17 pm

A warning sign sits next to a laptop displaying a CAPTCHA on a red background.
Made by Safe, Not Scammed in Canva.

A few months ago, I tried to log in to one of my online accounts and was stopped by a weird test to prove I was human. Instead of the usual tasks of checking a box or picking out all traffic lights in a photo, this test, or CAPTCHA as they’re called, told me to “Click allow if you are not a robot.” As it turns out, this wasn’t a legitimate CAPTCHA, but a scam!

Screenshot: a browser prompt reads “1 dot guesswhatnews dot com wants to show notifications,” with “Allow” and “Block” buttons, while Edge asks “Translate page from Russian?”
The fake “Click allow if you are not a robot” CAPTCHA that I recently encountered.

Had I clicked “allow,” I would have been giving a malicious site permission to send annoying and potentially dangerous notifications to my browser. Online posts by people who have fallen victim to this kind of scam often report receiving false claims that their device is infected with multiple viruses, for example.

Fortunately, there were three big warning signs this CAPTCHA was sketchy:

  1. The instruction to click “allow” was not like other CAPTCHAs, which ask you to click a check box or pick out items in a photograph.
  2. The fake CAPTCHA popped up in a new tab and was on a completely different (and spammy-sounding) domain compared to the legitimate site I had been visiting when it appeared.
  3. Although the text of the fake CAPTCHA page appeared to be in English, Edge asked if I wanted to translate the page from Russian.

With all those warning signs, I did not click “allow” and quickly closed the page instead.

What to do if you click allow

If you’re faced with a similar CAPTCHA and click “allow,” try not to panic. You will start receiving browser notifications, but these can be turned off. Just make sure you don’t click any notifications that come through before you revoke the malicious site’s permission to send them to you.

Below we’ll see how to turn off notifications for a malicious site in Chrome, Edge and Firefox.

How to stop notifications in Chrome:

Screenshot: Chrome’s “Notifications” settings page. Under “Default behavior,” “Sites can ask to send notifications” is selected. Under “Customized behaviors,” no sites are listed as “Not allowed to send notifications” and https://twitter.com:443 is listed as “Allowed to send notifications.” Clicking on the three dots next to the site brings up the options to “block,” “edit” and “remove.”
Turning off notifications in Chrome.

  1. Click on the three dots in the top right of Chrome.
  2. Select “Settings.”
  3. Click “Privacy and security.”
  4. Head to “Site settings.”
  5. Scroll down to “Permissions,” then click on “Notifications.”
  6. Find the site sending the malicious notifications under “Allowed to send notifications,” click the three dots next to it, and click “Remove.” (If you’re not sure which site it is, remove any that you don’t recognize.)

How to stop notifications in Edge:

Screenshot: Edge’s “Site permission/Notifications” page, with “Ask before sending (recommended)” enabled, “Quiet notification requests” disabled, no sites listed under “Block” and Google Calendar listed under “Allow.” After clicking the three dots next to Google Calendar, “block,” “edit” and “remove” are presented as options.
Turning off notifications in Edge.

  1. Click on the three dots in the top right-hand corner of Edge.
  2. Select “Settings.”
  3. Click “Cookies and site permissions.”
  4. Select “Notifications.”
  5. Under “Allow” you’ll find the list of sites that can send you notifications. Find the malicious one (or any you don’t want to receive notifications from), click the three dots and select “Remove.”

How to stop notifications in Firefox:

Screenshot: Firefox’s “Settings-Notification permissions” dialog. It explains that the listed websites have requested to send you notifications, that you can specify which websites are allowed to send them, and that you can block new requests. https://twitter.com appears in the list with a status of Allow/Block, above the “Remove website,” “Remove all websites,” “Save changes” and “Cancel” buttons.
Turning off notifications in Firefox.

  1. Click on the three lines in the top right of Firefox.
  2. Select “Settings.”
  3. Click “Privacy and security.”
  4. Find the “Permissions” section.
  5. Find the “Notifications” permission and select “Settings” next to it. 
  6. Select the malicious website (or any you no longer want to receive notifications from) and hit “Remove.”
  7. Save your settings.

Once that’s done, the notifications should stop. You may also want to scan your device with a reputable anti-malware program to make sure nothing nasty got through.
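To double-check the Chrome and Edge lists above without clicking through the menus, here is an added example (not part of the original post) that reads a copy of the browser profile's "Preferences" file and lists every site still allowed to send notifications, unrecognized ones first. It assumes the JSON layout Chromium-based browsers use today (`profile.content_settings.exceptions.notifications`, with `setting` 1 meaning allow), which may change between versions; the sample data and the `recognized` list are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

ALLOW = 1  # Chromium content-setting value for "allow" (2 means "block")
CHROMIUM_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample, trimmed to the keys this audit reads (not data from the article).
SAMPLE_PREFS = {"profile": {"content_settings": {"exceptions": {"notifications": {
    "https://twitter.com:443,*": {"setting": 1},
    "https://push.fake-captcha.example:443,*":
        {"setting": 1, "last_modified": "13338000000000000"},
    "https://news.example:443,*": {"setting": 2},
}}}}}


def granted_time(raw):
    """Chromium stores microseconds since 1601-01-01 UTC; None if absent or malformed."""
    try:
        return CHROMIUM_EPOCH + timedelta(microseconds=int(raw))
    except (TypeError, ValueError, OverflowError):
        return None


def allowed_notification_sites(prefs, recognized=()):
    """List sites allowed to send notifications, unrecognized ones first."""
    node = prefs
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key) if isinstance(node, dict) else None
    if not isinstance(node, dict):
        return []  # no notification exceptions recorded
    findings = []
    for pattern, entry in node.items():
        if not isinstance(entry, dict) or entry.get("setting") != ALLOW:
            continue  # blocked or malformed entries cannot send notifications
        origin = pattern.split(",", 1)[0]  # keys look like "<origin>,*"
        host = urlsplit(origin).hostname or origin
        findings.append({"origin": origin,
                         "recognized": host in recognized,
                         "granted": granted_time(entry.get("last_modified"))})
    return sorted(findings, key=lambda f: (f["recognized"], f["origin"]))


def audit_file(path, recognized=()):
    """Read-only audit of a copy of the profile's "Preferences" file."""
    with open(path, encoding="utf-8") as fh:
        return allowed_notification_sites(json.load(fh), recognized)


if __name__ == "__main__":
    for site in allowed_notification_sites(SAMPLE_PREFS, {"twitter.com"}):
        print(site["origin"], "ok" if site["recognized"] else "REVIEW", site["granted"])
```

The script only reads the file; removing a site is still done through the browser settings described above.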

Why does this fake CAPTCHA pop up on legitimate sites?

The “Click allow if you are not a robot” fake CAPTCHA doesn’t just appear on sketchy websites–it can appear on legitimate ones, too. 

The site I was trying to log in to when the scam CAPTCHA popped up was legitimate, but it had been hacked. In fact, the malicious code that had been added to the website was visible in the site’s header, as shown below.

Malicious PHP code appears in the header of the website.
That tiny text in the header of the legitimate website I visited is actually malicious code!

I’m not a coder, so how do I know that code really is malicious? Because while researching the fake CAPTCHA, I came across a blog post from Sucuri explaining how WordPress sites had been hacked to display the “Click allow” scam. Sucuri’s post lists the malicious code, shown below, which is an exact match for the code displayed on the site I was visiting when the scam CAPTCHA appeared.

Malicious PHP code
This is the code listed on Sucuri’s blog post. If you look closely, you can see the code in the header of the website I visited is exactly the same.

The takeaway

While CAPTCHAs are common, any that ask you to click “allow” are trying to trick you into subscribing to their malicious notifications. So, don’t click allow if you are not a robot!
