⚠️ KCCS SECURITY ALERT — PLEASE READ & SHARE

The "Prove You're Human" Scam

Criminals are using fake Google and Cloudflare "verification" pages to trick people into infecting their own computers. It's called ClickFix, and it's everywhere right now.

THE ONE RULE

A real "I'm not a robot" check NEVER uses your keyboard.

If any website tells you to press Windows+R, press Ctrl+V, open a Run box, PowerShell, or Terminal, or copy and paste a command to prove you're human or "fix" something — it is a scam, 100% of the time. Close the page.

1 What the scam looks like

You've clicked all kinds of "I'm not a robot" boxes before. That's exactly what the criminals are counting on. Their fake page looks almost identical to the real thing — same logos, same style — but then it adds "verification steps":

🚨 SCAM EXAMPLE — DO NOT FOLLOW
🔒 some-random-website.com/verify?id=10420852

Verify you are human

This site needs to review the security of your connection before proceeding.

Verify you are human
⚠️ Manual Verification Required — complete these steps:
  1. Press ⊞ Windows key + R
  2. Press Ctrl + V
  3. Press Enter
🚩
Red flag #1: It gives you keyboard instructions. Real verification is one click (or picking pictures of traffic lights). That's it.
🚩
Red flag #2: Words like "Manual Verification Required," "Verification Steps," or "Run this command to fix the error."
🚩
Red flag #3: Countdown timers, "unauthorized sign-in" warnings, or anything rushing you. Urgency is their favorite weapon.

2 How the trick actually works

The evil part: the page secretly copies a hidden command onto your clipboard the moment you click the checkbox. Then it walks you through running it — without you ever seeing what it says.

🌐

Step 1 — You land on a booby-trapped page

Could be a hacked legitimate website, a sketchy ad, a link in an email or text, or a search result. Recently over 700 real university and company websites were hijacked to show these fake pages.

⬇️
☑️

Step 2 — You click "Verify you are human"

The instant you click, hidden code silently copies a malicious command to your clipboard. You see a normal-looking spinner. Nothing looks wrong.

⬇️
⌨️

Step 3 — THE TRAP: it asks you to press three keys

⊞ Win+R then Ctrl+V then Enter ⏎

Three innocent-looking keystrokes. What they really do is open a command box, paste the hidden malicious command, and run it.

⬇️
💀

Step 4 — Your own computer downloads the malware

Because you ran the command yourself, it can slip past antivirus and security filters that would normally block a shady download. Within seconds, password-stealing malware is running silently in the background.

3 What those three keystrokes really do

⊞ Win + R

Opens the Windows "Run" box — a direct line for giving your computer commands. Websites have no legitimate reason to ever send you here.

Ctrl + V

Pastes the hidden command the scam page put on your clipboard. You never typed it, never read it, and it's often disguised to look like a harmless verification code.

Enter ⏎

Runs it. Game over — the command downloads and installs the malware. On Macs the same scam says to open Terminal; on phones it pushes fake "update" apps.

4 Real check vs. scam — side by side

✅ A REAL verification

  • One click on a checkbox — done
  • Maybe "select all the squares with buses"
  • Never touches your keyboard
  • Never mentions Run, PowerShell, or Terminal
  • Never asks you to copy or paste anything

🚨 The SCAM version

  • Gives you "verification steps" to perform
  • Tells you to press Win+R / Ctrl+V / Enter
  • Asks you to paste a command "to verify"
  • Uses countdown timers and scary warnings
  • Says "verification failed — try manual steps"

5 What the criminals steal

The malware these pages install (security researchers track families with names like StealC, Amatera, and NetSupport RAT) is built to quietly grab everything valuable on your computer:

🔑Saved passwords
🏦Bank & card info
📧Email accounts
🍪Browser sessions
(no password needed)
Crypto wallets
🖥️Full remote control
of your PC

6 Where you'll run into it

7 The rules — memorize these

Never press Win+R, or open PowerShell / Terminal, because a website told you to. No real company will ever ask. Not Google, not Cloudflare, not Microsoft. Ever.

Never paste anything you didn't copy yourself. If a page says "press Ctrl+V," it planted something on your clipboard. That's an attack, not a step.

One click max. Real human-checks are a single click or picking pictures. Anything more = close the tab.

Slow down when a page rushes you. Timers, threats, and "act now" pressure exist to stop you from thinking.

When in doubt, close the tab and ask. Closing a browser tab never breaks anything. Running a mystery command can cost you every password you have.

8 "I think I already did it" — do this NOW

  1. Disconnect the computer from the internet (unplug the network cable / turn off Wi-Fi). Don't shut it down yet — just disconnect it.
  2. Don't log into anything on that machine. No email, no banking, nothing.
  3. From a DIFFERENT device (your phone), change your most important passwords first: email, then banking, then everything else.
  4. Turn on two-factor authentication everywhere it's offered, if you haven't already.
  5. Tell your IT support immediately. This is not a "wait until Monday" problem — stolen passwords get used within hours. No one will be mad at you; catching it fast is what matters.
  6. Let a professional check the machine before it goes back to normal use. These infections hide well and can disable antivirus.

📣 Please share this page

Send it to your coworkers, family, and anyone who uses a computer. This scam works because people haven't heard of it yet. Thirty seconds of reading is all it takes to become immune.

Worried about your business?

KCCS installs, secures, and watches business systems all over Southern Colorado. Get a free assessment — a real engineer walks your site and hands you a written punch list.

Email [email protected]

Or call 719-530-4040 · Response within 2 business hours