Fake News Website Network Uses Fake Google Captcha To Get Real Facebook Shares

Fact Check

  • by: Maarten Schenk

If you've been on the internet for a while you are probably familiar with 'Turing tests' on various websites: little challenges to prove you are an actual human interacting with a site and not a bot intent on spamming a comment form or on the prowl for personal data. Most of these puzzles take the form of a sequence of blurred letters and/or numbers that have to be correctly identified as this is something humans are (still) a lot better at than computers.

Such a test is often called a CAPTCHA, which the official CAPTCHA site used to define as:

The term CAPTCHA (for Completely Automated Public Turing Test To Tell Computers and Humans Apart) was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University.

In recent years one of the more popular CAPTCHA systems in use has been Google's reCAPTCHA, which uses several advanced techniques to pre-screen website visitors before deciding which test to show them. A first time visitor coming from a suspicious IP address with an unknown browser is much more likely to be challenged with a somewhat difficult puzzle as opposed to a return visitor coming from a known 'good' IP address. The net result of this is that 'trustworthy' visitors usually get presented with this very simple challenge by the reCAPTCHA system: simply tick the box.

recaptcha.jpg

Analyzing mouse movements in combination with the other cues is usually enough proof for the system to accept users are human. And in case of doubt the system simply throws up a more difficult additional challenge.

In practice this is more than enough to keep out most bots, although there are exceptions as this video proves:

But joking aside: one side-effect of the popularity of reCAPTCHA is that users have gotten used to mindlessly clicking the checkbox if they want to access 'protected' features of a website. And now scammers are abusing this learned behaviour.

Back in March 2017 we first reported about a celebrity death hoax involving British actor Rowan Atkinson (a.k.a. Mr. Bean), followed a few months later by a second one and then over the summer another one involving Dwayne "The Rock" Johnson. All three hoaxes involved website visitors being lured in via Facebook posts to watch a video which would cut out after two seconds after which a prompt followed to share the video to continue watching. The actual URL being shared was varied slightly each time in order to mislead Facebook's anti-spam measures. And of course the videos turned out to be fake and the websites on which they were hosted were filled to the brim with popup ads and other nasty forms of advertising.

And now it seems the same people are back with a new scammy website. Only instead of using a fake death they have now jumped on an existing viral media bandwagon by coopting the "Fire Noodle Challenge" which was a social media phenomenon in 2015 originally hailing from Korea. According to Wikipedia:

Buldak Bokkeum Myeon became famous due to the Fire Noodle Challenge, a viral challenge where people film themselves attempting to complete a bowl of Buldak Bokkeum Myeon.

The article/website the hoaxers are spreading (archived here) appears to promote one of the many 'spicy noodle challenge' videos out there on YouTube but guess what pops up after two seconds of watching:

spicynoodlechallenge1.jpg

Indeed: a fake McAfee message and a fake reCAPTCHA checkbox. Clicking either one (or the Facebook sharing button) brings up a Facebook share dialog to share a version of the video on a slightly modified URL along with the hashtag #BewareOfKillerSpicyNoddles. And yes, there are lots of ads popping up all over the place.

So is this fake news? Not really. But definitely a deceptive way to get more shares/likes out of a video in order to make money from advertising. And the first time I've seen user familiarity with Google's reCAPTCHA being abused in this way.

What will they think of next?


  Maarten Schenk

Maarten Schenk is the co-founder and COO/CTO of Lead Stories and an expert on fake news and hoax websites. He likes to go beyond just debunking trending fake news stories and is endlessly fascinated by the dazzling variety of psychological and technical tricks used by the people and networks who intentionally spread made-up things on the internet.

Read more about or contact Maarten Schenk

About Us

International Fact-Checking Organization Meta Third-Party Fact Checker

Lead Stories is a fact checking website that is always looking for the latest false, misleading, deceptive or inaccurate stories, videos or images going viral on the internet.
Spotted something? Let us know!.

Lead Stories is a:


WhatsApp Tipline

Have a tip or a question? Chat with our friendly robots on WhatsApp!

Add our number +1 (404) 655-4223, follow this link or scan the image below with your phone:

@leadstories

Subscribe to our newsletter

* indicates required

Please select all the ways you would like to hear from Lead Stories LLC:

You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.

Most Read

Most Recent

Share your opinion