{"id":2678,"date":"2026-04-22T15:36:36","date_gmt":"2026-04-22T19:36:36","guid":{"rendered":"https:\/\/www.yorku.ca\/uit\/infosec\/?p=2678"},"modified":"2026-04-22T15:42:56","modified_gmt":"2026-04-22T19:42:56","slug":"fake-captcha-real-threat-clickfix-social-engineering-attacks","status":"publish","type":"post","link":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/","title":{"rendered":"Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks"},"content":{"rendered":"\n<p>ClickFix attacks are a rapidly evolving threat that use fake CAPTCHA pages to trick people into running malicious commands (often PowerShell) on their own devices. In every ClickFix case, the attacker relies on one thing: your participation. Most traditional phishing attempts and malicious sites are filtered or blocked long before they reach you. That\u2019s why ClickFix pushes you to take extra steps yourself. By convincing you to run a command, the attacker gets past the protections already set in place and installs malware that would otherwise be detected.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is ClickFix?<\/h2>\n\n\n\n<p>ClickFix is a social engineering technique where attackers compromise legitimate websites and replace normal verification steps such as CAPTCHAs with fake prompts, and instruct users to run malicious commands on their computers. These commands often involve opening the Windows Run dialog or PowerShell and pasting in a script that appears to \u201cfix\u201d a problem or \u201cverify\u201d the user. In reality, the script is being used to download malware that compromises your device.<\/p>\n\n\n\n<p>This technique has been observed across higher\u2011education institutions and is increasingly used to deploy malware families such as <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/analyzing-cornflake-v3-backdoor\/\">CORNFLAKE.V3<\/a>, a backdoor capable of downloading additional payloads, collecting system information, and maintaining persistence on the device.<\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"403\" src=\"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/clikfi-1024x403.png\" alt=\"\" class=\"wp-image-2681\" srcset=\"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/clikfi-1024x403.png 1024w, https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/clikfi-400x158.png 400w, https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/clikfi.png 1536w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">How does it Work?<\/h2>\n\n\n\n<p>ClickFix attacks follow a simple pattern:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>You click on a link from a search result or ad, and as the page loads, a strange-looking <strong>CAPTCHA <\/strong>or pop\u2011up appears unexpectedly.<br><\/li>\n\n\n\n<li>Instead of asking you to click images or check a box, it tells you there\u2019s a \u201cproblem\u201d and you need to <strong>run a command<\/strong> to continue.<br><\/li>\n\n\n\n<li>The page instructs you to open <strong>Windows + R<\/strong>, PowerShell, or Terminal and <strong>paste in a line of text<\/strong>.<br><\/li>\n\n\n\n<li>That command silently downloads malware onto your device. In many cases, it installs a backdoor such as <strong>CORNFLAKE.V3<\/strong>, which can download additional malicious files onto your system, collect system information, and stay hidden on your machine.<\/li>\n<\/ol>\n\n\n\n<p>Because the attacker convinces <em>you<\/em> to run the command, your device treats it as a trusted action, making it much harder for security tools to block.<\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"512\" src=\"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/ClickFix-social-1024x512.png\" alt=\"\" class=\"wp-image-2679\" srcset=\"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/ClickFix-social-1024x512.png 1024w, https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/ClickFix-social-400x200.png 400w, https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/ClickFix-social-1536x768.png 1536w, https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/ClickFix-social-2048x1024.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">How Can I Spot a ClickFix Attempt?<\/h2>\n\n\n\n<p>Exercise caution towards any unfamiliar website, email, or popup that:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Asks you to open <strong>Windows Run (Windows + R)<\/strong><\/li>\n\n\n\n<li>Tells you to paste a command into <strong>PowerShell or Terminal<\/strong><\/li>\n\n\n\n<li>Claims you must run a script to \u201cfix,\u201d \u201cverify,\u201d or \u201ccontinue\u201d<\/li>\n\n\n\n<li>Appears immediately after clicking a search result or ad<\/li>\n\n\n\n<li>Displays a CAPTCHA that looks unusual, low\u2011quality, or out of place<\/li>\n<\/ul>\n\n\n\n<p>If you encounter instructions like:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>\u201cPress Windows + R and paste the following command\u2026\u201d<\/strong><\/p>\n<\/blockquote>\n\n\n\n<p>\u2026it is almost certainly malicious.<\/p>\n\n\n\n<p>If you suspect you may have interacted with a ClickFix prompt, please report it to the Information Security Team immediately (<a href=\"mailto:infosec@yorku.ca\">infosec@yorku.ca<\/a>).<\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><strong>References<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>https:\/\/unit42.paloaltonetworks.com\/preventing-clickfix-attack-vector\/<\/li>\n\n\n\n<li>https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/08\/21\/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique\/<\/li>\n\n\n\n<li>https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/analyzing-cornflake-v3-backdoor\/<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>ClickFix attacks are a rapidly evolving threat that use fake CAPTCHA pages to trick people into running malicious commands (often PowerShell) on their own devices. In every ClickFix case, the attacker relies on one thing: your participation. Most traditional phishing attempts and malicious sites are filtered or blocked long before they reach you. That\u2019s why [&hellip;]<\/p>\n","protected":false},"author":2254,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","ngg_post_thumbnail":0,"footnotes":""},"categories":[4,5,7,8],"tags":[],"class_list":["post-2678","post","type-post","status-publish","format-standard","hentry","category-alerts","category-announcement","category-news","category-phish-alert"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks - Information Security<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks - Information Security\" \/>\n<meta property=\"og:description\" content=\"ClickFix attacks are a rapidly evolving threat that use fake CAPTCHA pages to trick people into running malicious commands (often PowerShell) on their own devices. In every ClickFix case, the attacker relies on one thing: your participation. Most traditional phishing attempts and malicious sites are filtered or blocked long before they reach you. That\u2019s why [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"Information Security\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-22T19:36:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-22T19:42:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/clikfi.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1536\" \/>\n\t<meta property=\"og:image:height\" content=\"605\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"jjorgoni\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"jjorgoni\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/04\\\/22\\\/fake-captcha-real-threat-clickfix-social-engineering-attacks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/04\\\/22\\\/fake-captcha-real-threat-clickfix-social-engineering-attacks\\\/\"},\"author\":{\"name\":\"jjorgoni\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#\\\/schema\\\/person\\\/4e1a012db43cc33b54ef341035c1c210\"},\"headline\":\"Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks\",\"datePublished\":\"2026-04-22T19:36:36+00:00\",\"dateModified\":\"2026-04-22T19:42:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/04\\\/22\\\/fake-captcha-real-threat-clickfix-social-engineering-attacks\\\/\"},\"wordCount\":482,\"publisher\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/04\\\/22\\\/fake-captcha-real-threat-clickfix-social-engineering-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/wp-content\\\/uploads\\\/sites\\\/806\\\/2026\\\/04\\\/clikfi-1024x403.png\",\"articleSection\":[\"Alert\",\"Announcement\",\"News\",\"Phish Alert\"],\"inLanguage\":\"en-CA\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/04\\\/22\\\/fake-captcha-real-threat-clickfix-social-engineering-attacks\\\/\",\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/04\\\/22\\\/fake-captcha-real-threat-clickfix-social-engineering-attacks\\\/\",\"name\":\"Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks - Information Security\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/04\\\/22\\\/fake-captcha-real-threat-clickfix-social-engineering-attacks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/04\\\/22\\\/fake-captcha-real-threat-clickfix-social-engineering-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/wp-content\\\/uploads\\\/sites\\\/806\\\/2026\\\/04\\\/clikfi-1024x403.png\",\"datePublished\":\"2026-04-22T19:36:36+00:00\",\"dateModified\":\"2026-04-22T19:42:56+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/04\\\/22\\\/fake-captcha-real-threat-clickfix-social-engineering-attacks\\\/#breadcrumb\"},\"inLanguage\":\"en-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/04\\\/22\\\/fake-captcha-real-threat-clickfix-social-engineering-attacks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-CA\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/04\\\/22\\\/fake-captcha-real-threat-clickfix-social-engineering-attacks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/wp-content\\\/uploads\\\/sites\\\/806\\\/2026\\\/04\\\/clikfi.png\",\"contentUrl\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/wp-content\\\/uploads\\\/sites\\\/806\\\/2026\\\/04\\\/clikfi.png\",\"width\":1536,\"height\":605},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/2026\\\/04\\\/22\\\/fake-captcha-real-threat-clickfix-social-engineering-attacks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#website\",\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/\",\"name\":\"Information Security\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-CA\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#organization\",\"name\":\"Information Security\",\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-CA\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/wp-content\\\/uploads\\\/sites\\\/806\\\/2025\\\/05\\\/Image-4.png\",\"contentUrl\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/wp-content\\\/uploads\\\/sites\\\/806\\\/2025\\\/05\\\/Image-4.png\",\"width\":1024,\"height\":1024,\"caption\":\"Information Security\"},\"image\":{\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/#\\\/schema\\\/person\\\/4e1a012db43cc33b54ef341035c1c210\",\"name\":\"jjorgoni\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-CA\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f03c82d66d31a62455c273e597d66bd68800f76221a71aa0bc2d703734498f2a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f03c82d66d31a62455c273e597d66bd68800f76221a71aa0bc2d703734498f2a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f03c82d66d31a62455c273e597d66bd68800f76221a71aa0bc2d703734498f2a?s=96&d=mm&r=g\",\"caption\":\"jjorgoni\"},\"url\":\"https:\\\/\\\/www.yorku.ca\\\/uit\\\/infosec\\\/author\\\/jjorgoni\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks - Information Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/","og_locale":"en_US","og_type":"article","og_title":"Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks - Information Security","og_description":"ClickFix attacks are a rapidly evolving threat that use fake CAPTCHA pages to trick people into running malicious commands (often PowerShell) on their own devices. In every ClickFix case, the attacker relies on one thing: your participation. Most traditional phishing attempts and malicious sites are filtered or blocked long before they reach you. That\u2019s why [&hellip;]","og_url":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/","og_site_name":"Information Security","article_published_time":"2026-04-22T19:36:36+00:00","article_modified_time":"2026-04-22T19:42:56+00:00","og_image":[{"width":1536,"height":605,"url":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/clikfi.png","type":"image\/png"}],"author":"jjorgoni","twitter_card":"summary_large_image","twitter_misc":{"Written by":"jjorgoni","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/#article","isPartOf":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/"},"author":{"name":"jjorgoni","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#\/schema\/person\/4e1a012db43cc33b54ef341035c1c210"},"headline":"Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks","datePublished":"2026-04-22T19:36:36+00:00","dateModified":"2026-04-22T19:42:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/"},"wordCount":482,"publisher":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#organization"},"image":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/clikfi-1024x403.png","articleSection":["Alert","Announcement","News","Phish Alert"],"inLanguage":"en-CA"},{"@type":"WebPage","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/","url":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/","name":"Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks - Information Security","isPartOf":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/#primaryimage"},"image":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/clikfi-1024x403.png","datePublished":"2026-04-22T19:36:36+00:00","dateModified":"2026-04-22T19:42:56+00:00","breadcrumb":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/#breadcrumb"},"inLanguage":"en-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"en-CA","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/#primaryimage","url":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/clikfi.png","contentUrl":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2026\/04\/clikfi.png","width":1536,"height":605},{"@type":"BreadcrumbList","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/2026\/04\/22\/fake-captcha-real-threat-clickfix-social-engineering-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.yorku.ca\/uit\/infosec\/"},{"@type":"ListItem","position":2,"name":"Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks"}]},{"@type":"WebSite","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#website","url":"https:\/\/www.yorku.ca\/uit\/infosec\/","name":"Information Security","description":"","publisher":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.yorku.ca\/uit\/infosec\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-CA"},{"@type":"Organization","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#organization","name":"Information Security","url":"https:\/\/www.yorku.ca\/uit\/infosec\/","logo":{"@type":"ImageObject","inLanguage":"en-CA","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#\/schema\/logo\/image\/","url":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2025\/05\/Image-4.png","contentUrl":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-content\/uploads\/sites\/806\/2025\/05\/Image-4.png","width":1024,"height":1024,"caption":"Information Security"},"image":{"@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.yorku.ca\/uit\/infosec\/#\/schema\/person\/4e1a012db43cc33b54ef341035c1c210","name":"jjorgoni","image":{"@type":"ImageObject","inLanguage":"en-CA","@id":"https:\/\/secure.gravatar.com\/avatar\/f03c82d66d31a62455c273e597d66bd68800f76221a71aa0bc2d703734498f2a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f03c82d66d31a62455c273e597d66bd68800f76221a71aa0bc2d703734498f2a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f03c82d66d31a62455c273e597d66bd68800f76221a71aa0bc2d703734498f2a?s=96&d=mm&r=g","caption":"jjorgoni"},"url":"https:\/\/www.yorku.ca\/uit\/infosec\/author\/jjorgoni\/"}]}},"taxonomy_info":{"category":[{"value":4,"label":"Alert"},{"value":5,"label":"Announcement"},{"value":7,"label":"News"},{"value":8,"label":"Phish Alert"}]},"featured_image_src_large":false,"author_info":{"display_name":"jjorgoni","author_link":"https:\/\/www.yorku.ca\/uit\/infosec\/author\/jjorgoni\/"},"comment_info":0,"category_info":[{"term_id":4,"name":"Alert","slug":"alerts","term_group":0,"term_taxonomy_id":4,"taxonomy":"category","description":"","parent":0,"count":64,"filter":"raw","cat_ID":4,"category_count":64,"category_description":"","cat_name":"Alert","category_nicename":"alerts","category_parent":0},{"term_id":5,"name":"Announcement","slug":"announcement","term_group":0,"term_taxonomy_id":5,"taxonomy":"category","description":"","parent":0,"count":57,"filter":"raw","cat_ID":5,"category_count":57,"category_description":"","cat_name":"Announcement","category_nicename":"announcement","category_parent":0},{"term_id":7,"name":"News","slug":"news","term_group":0,"term_taxonomy_id":7,"taxonomy":"category","description":"","parent":0,"count":5,"filter":"raw","cat_ID":7,"category_count":5,"category_description":"","cat_name":"News","category_nicename":"news","category_parent":0},{"term_id":8,"name":"Phish Alert","slug":"phish-alert","term_group":0,"term_taxonomy_id":8,"taxonomy":"category","description":"","parent":0,"count":48,"filter":"raw","cat_ID":8,"category_count":48,"category_description":"","cat_name":"Phish Alert","category_nicename":"phish-alert","category_parent":0}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/posts\/2678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/users\/2254"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/comments?post=2678"}],"version-history":[{"count":6,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/posts\/2678\/revisions"}],"predecessor-version":[{"id":2686,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/posts\/2678\/revisions\/2686"}],"wp:attachment":[{"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/media?parent=2678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/categories?post=2678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/infosec\/wp-json\/wp\/v2\/tags?post=2678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}