What is the “click allow to confirm you are not a robot” scam?

The “Click Allow to Confirm You Are Not a Robot” scam is a deceptive technique some fraudulent websites use. It mimics the appearance and functionality of a CAPTCHA verification, a standard security measure on the internet designed to confirm that a user is human and not a bot. Legitimate websites, especially those protected by services like Cloudflare, use CAPTCHA verifications to reduce bot traffic and protect the site from attacks​.

However, in this scam, the pop-up prompting users to click “allow” to prove they are not robots is fake. Scammers use this tactic to bait users into accepting push notifications from malicious ad servers. Users who click “allow” on these deceptive pop-ups may inadvertently permit the website to show advertisements or redirect them to other potentially harmful sites. These pop-ups could appear due to a program containing malware on the user’s computer or the user previously permitted a website to display advertisements​​​.

This scam is relatively new but has become increasingly popular among dubious websites. Its simplicity and the fact that it closely resembles legitimate CAPTCHA verifications make it surprisingly effective, which explains why many malicious websites have adopted it in recent years​​​.

Examples of the ‘Click Allow to confirm you are not a robot’ scam

Here are multiple examples from dubious websites using the particular scam:

Another one.

Examples of the “Click allow to confirm you are not a robot” scam.

What is the purpose of the ‘Click Allow to confirm you are not a robot’ scam?

Fake push notifications, such as those generated from the “Click Allow to Confirm You Are Not a Robot” scam, serve several nefarious purposes for the entities behind them:

1. Advertising Revenue: One of the primary reasons for fake push notifications is to generate advertising revenue. Each time a user clicks on these notifications, the scammer can earn money, regardless of the content or legitimacy of the advertised product or service.
2. Malware Distribution: These notifications can be used to distribute malware. Clicking on a notification might initiate a download of harmful software, such as viruses, spyware, or ransomware, which can compromise the user’s device and personal data.
3. Phishing Attempts: Fake notifications often include phishing attempts. They can trick users into providing sensitive information like login credentials, credit card numbers, or personal information under pretenses, such as a fake login page or a scam giveaway.
4. Redirecting Traffic: They can redirect users to other malicious websites. This could be for further scams, more aggressive advertising, or artificially inflated website traffic for dubious sites.
5. User Profiling and Data Harvesting: Some fake notifications might be part of schemes to collect user data. By monitoring which notifications a user interacts with, scammers can gather information about user preferences, browsing habits, and even personal details.
6. Creating a Sense of Urgency or Fear: These notifications can be crafted to create a sense of urgency or fear (like a warning of a security breach or offering a limited-time deal), prompting users to act quickly without giving them time to consider the legitimacy of the notification.
7. Exploiting Trust: Since push notifications are a common feature used by legitimate apps and services, scammers exploit this trust to trick users into thinking the notifications are credible.

How to protect against the ‘Click Allow to confirm you are not a robot’ scam?

Protecting yourself against the “Click Allow to Confirm You Are Not a Robot” scam and similar fraudulent activities involves a combination of technical safeguards and practicing cautious online behavior. Here are my recommendations.

1. Ensure that your computer is protected with reliable antivirus and anti-malware software. Keep this software updated to defend against the latest threats.
2. Regularly update your web browser and operating system. Updates often include security patches that protect against new scams and malware.
3. Use the pop-up blocker feature in your web browser. This can prevent many types of scam pop-ups from appearing.
4. Be cautious if a website suddenly asks you to confirm that you are not a robot outside of a login screen or similar context. Legitimate CAPTCHA requests usually occur during sign-ins, registrations, or before submitting forms.
5. Be wary of any site that asks you to allow notifications, especially if you are not familiar with the site. Remember that allowing notifications can give the site permission to send you ads and potentially malicious content.
6. Stay informed about the latest online scams using my website. Knowing what to look for can help you avoid falling victim to new tactics.
7. Ensure you’re on a legitimate website, especially when entering personal information. Scammers often create fake sites that look like real ones.
8. Only download software from trusted sources. Avoid clicking on links or downloading attachments from unknown or unsolicited emails.

Learn more: How to Protect Against the McAfee Antivirus Scam

I hope this information helped you safeguard your computer against this online scam. Thank you for reading!