CAPTCHA test scam hijacks victim’s data in the most ‘diabolical’ way — here’s how to spot a ‘ClickFix’ attack


It’s a digital wolf in sheep’s clothing.

A Toronto college student has issued a warning to the public after nearly falling prey to an insidious new human test scam proliferating on the internet, which she detailed on Reddit.

“I can see so many people falling for this. It’s evil,” Alexandra, who withheld her last name, wrote in her PSA.

The Canuck said that she stumbled across the “diabolical” cyberscheme while she was in class reading an article online.

An accompanying photo shows the innocuous-looking pop-up that appeared on her computer screen, prompting her to complete several “verification steps” to ostensibly prove that she’s not a robot.


The sequence entailed holding the Windows key and R to load a verification window, after which they were told to simultaneously press “CTRL+V,” before clicking “Enter” to complete the test.

Unfortunately, following these instructions would’ve resulted in her device being compromised. Dubbed ClickFix, this increasingly prevalent scam masquerades as a CAPTCHA test to trick users into running a harmful program on their Mac or Windows terminal.

Once this Trojan Horse had been downloaded, the cybercriminals involved would’ve been able to circumvent her online safeguards and harvest her sensitive personal info.

Thankfully, Alexandra, a former PC shop employee who has built computers, caught wise to the scam before it was too late, Newsweek reported. “I know Win + R opens Dialog and pasting something you don’t know is very stupid,” Alexandra told the publication. “I have had to open and run things on Dialog before.”


Despite these red flags, Alexandra said that most of the classmates with whom she shared the pop-up “weren’t aware of the issue.”

So she shared the aforementioned PSA to Reddit with the hopes of preventing others from getting hornswoggled.

“I thought of my mom, who would easily fall for this,” the Canadian explained. “She’s not very computer-literate, and I was hoping sharing could prevent at least one person from getting their device hacked.”

Reddit viewers were grateful for her warning.

“I’ve never seen that yet. Truly diabolical and would absolutely work on the average person,” said one fan, decrying this chameleonic scheme.

Another wrote, “And they act like people using adblockers as a basic safety precaution are the villains.”

“It’s probably the single most successful attack vector to compromise a device,” cautioned a third.

According to data from the cybersecurity firm ESET, ClickFix attacks skyrocketed by 517% from 2024 to 2025, becoming the second most common vector after phishing, InfoSecurity Magazine reported.

This isn’t the only cyberscam infecting people’s devices.

Techsperts are warning users about a sneaky new calendar scam, in which cybercrooks have figured out a way to blast iPhones and iPads with bogus alerts in order to hack their personal info.
