Police Alert: Clicking "I'm Not a Robot" Steals Your Data

It has become a reflex, a digital formality we perform dozens of times a day to prove we're human. However, the National Police warns that cybercriminals have turned this symbol of security into a weapon. A new and dangerous scam lurks behind the simple click of the "I'm not a robot" box, and its consequences can be devastating for your finances .

The genius and danger of this scam lies in its ability to exploit behavior we've been trained to perform without question. For years, websites have taught us that CAPTCHA verification is a legitimate security measure. We've internalized this process so much that we perform it on autopilot, without conscious analysis. Criminals take advantage of this blind trust. The attack works as follows:

1. The victim arrives at a fraudulent website, which may mimic a legitimate page or be a malicious site designed for this purpose.
2. On the page, a pop-up window or element appears that is a visually perfect replica of the well-known “ I’m not a robo ” checkbox.
3. The user, acting out of habit, clicks the box to continue.
4. At that precise moment, instead of performing a verification, the click triggers the download and execution of a " malicious code " on the user's device. "Without realizing it, the site copies malicious code," the police statement explicitly warns. The gesture that was supposed to protect you becomes the vector of infection.

   "This is such a common occurrence that it's now done automatically." – National Police statement on the CAPTCHA scam.

Once the malware is installed on the victim's computer or mobile phone, cybercriminals have a clear objective: to steal sensitive information . Their primary goal is to obtain personal and financial data, which includes:

• Online banking login credentials.
• Credit and debit card numbers.
• Email and social media passwords. To give their operations an appearance of legitimacy, these criminal groups register thousands of fraudulent domains that mimic trusted services, such as parcel delivery companies or government institutions, making the initial deception even more believable.

In the face of this and other similar threats, national and international security forces, such as the FBI, have issued a series of clear and direct recommendations to help citizens protect themselves.

• Don't click on unknown links: If you receive an unexpected email or text message, don't click on any links. This is the main gateway to fraudulent websites.
• Verify authenticity: If a message asks you to take an action, be wary. Go directly to the company or service's official website by typing the address into your browser. Never use the provided link.
• Stay calm and be wary of urgency: Scams often create a false sense of emergency (a held package, a blocked account) to make you act without thinking. Take a moment to analyze the situation.
• Always report it: If you come across a suspicious message or website, report it. You can forward fraudulent text messages to 7726 (SPAM). Reporting it to the authorities helps prevent others from falling into the trap.

1. Change all your important passwords.
2. Contact your bank immediately to block your cards and accounts.
3. Report the incident to the National Police or the Civil Guard.

The cybersecurity landscape is constantly changing. Criminals are increasingly sophisticated and are now using the very symbols of online security against us. The lesson is clear and compelling: vigilance and skepticism are no longer an option. Questioning even the most routine and automatic actions on the internet is a fundamental necessity to protect our identity and our assets in the digital world.