Most people know to be careful with suspicious emails, fake virus warnings and scam text messages. But there is a newer trick doing the rounds that can catch even careful users off guard: fake CAPTCHA checks.
A CAPTCHA is the familiar “prove you are human” check you sometimes see on websites. It might ask you to tick a box, choose pictures, or wait while the site verifies your browser.
The scam version looks similar at first glance, but instead of simply asking you to tick a box, it may tell you to press certain keyboard shortcuts, open the Windows Run box, paste a command, use PowerShell, or follow a “quick fix” to prove you are human or repair a browser problem.
That is the danger point.
A real website verification check should not need you to run commands on your computer. If a webpage tells you to press Windows + R, paste something, open PowerShell, use Terminal, or run a command to continue, stop immediately.
This type of scam is often called “ClickFix”. Microsoft has written about the ClickFix social engineering technique, where attackers use convincing prompts to trick people into running malicious commands themselves. Malwarebytes has also reported recent campaigns where compromised websites displayed fake Cloudflare or CAPTCHA-style verification pages that told visitors to copy and run commands on their own PCs.
At Computer Repair Norwich, this is exactly the sort of scam worth talking about because it does not always look like a traditional virus download. It feels more like a normal website problem, a browser check, or a quick technical instruction. That is what makes it convincing.
Why fake CAPTCHA scams work so well
Most people are used to seeing verification checks online. We tick boxes, wait for loading screens, accept cookies, prove we are not robots, and move on.
Scammers know this.
A fake CAPTCHA page relies on trust and routine. It may look clean, official and familiar. It might pretend to be from Cloudflare, a browser security check, a document viewer, a video page, a download page, or a website protection system.
Instead of the normal verification process, it may say something like:
- verification failed
- browser check required
- press Windows + R
- paste the copied command
- open PowerShell
- run this command to continue
- follow these steps to access the page
- fix the browser problem
The wording changes, but the idea is the same: the page wants you to run something manually.
That matters because once you run a command yourself, you may unknowingly give the malicious script permission to download or install malware. This can sometimes bypass normal warning signs because the action looks like it came from the user.
The Swiss National Cyber Security Centre has also warned about ClickFix-style attacks, explaining that fake technical problems and verification prompts can mislead people into manually running malicious code through their computer’s command line.
What could happen if you follow the instructions?
The result depends on the exact scam, but the risks can be serious.
A fake CAPTCHA or ClickFix attack may try to install:
- password-stealing malware
- browser hijackers
- remote access tools
- unwanted extensions
- fake updates
- malicious scripts
- software that steals browser cookies or login sessions
- malware that downloads further infections later
In plain English, the scam may try to get access to things saved in your browser or computer. That can include passwords, email sessions, online accounts, banking-related information, cloud accounts, crypto wallets, or business logins.
Not every case ends in disaster, but it should always be treated seriously. If something has been run on the machine, it is better to check it properly than assume everything is fine because the pop-up disappeared.
We already covered wider scam warning signs in our article How To Spot A Phishing Email, Fake Virus Warning Or Scam Text Before It Costs You. Fake CAPTCHA scams are part of the same family, but they deserve separate attention because they often look like a normal website step rather than an obvious scam message.
The biggest warning sign: a website asking you to run commands
This is the rule to remember:
A normal website should not ask you to open Windows Run, PowerShell, Command Prompt or Terminal to prove you are human.
If a website does that, leave the page.
Do not continue because the page looks professional. Do not continue because it mentions a known brand. Do not continue because it says the step is required. Do not continue because it copied something to your clipboard for you.
That last point is important. Some of these pages can place a command on your clipboard, then tell you to paste it somewhere else. You may think you are pasting harmless verification text, but you could actually be pasting a malicious command.
A genuine CAPTCHA might ask you to tick a box or identify traffic lights. It should not ask you to behave like a system administrator at 11:30pm because a random website says so. That is not verification; that is a trap wearing a high-vis jacket.
What should you do if you see one?
If a website shows a suspicious CAPTCHA or “click to verify” page asking you to run commands:
- close the tab or browser
- do not press Windows + R
- do not paste anything into a command window
- do not open PowerShell or Terminal
- do not download a “fix”
- do not install a browser extension from that prompt
- do not enter passwords or payment details on that page
If the browser will not close normally, shut it down through Task Manager or restart the computer. If you are not comfortable doing that, turn the machine off and ask for help before continuing.
For small businesses, it is also worth warning staff or family members. These scams work because they look like routine online friction, not because people are careless.
The UK National Cyber Security Centre’s phishing guidance explains that malicious websites can be part of wider phishing attacks, and that layered protection and user awareness are both important. That is especially true for scams like this, where the user is being tricked into completing part of the attack.
What if you already followed the instructions?
If you have already followed a fake CAPTCHA instruction and ran a command, treat it as a possible infection.
The safest next steps are:
- disconnect the computer from the internet if possible
- do not log into important accounts from that machine
- do not enter banking details or passwords
- do not keep trying random fixes from the web
- change important passwords from a different trusted device
- check email, banking and cloud accounts for unusual activity
- get the computer inspected properly
If the machine is used for business, email, customer details or accounts work, it is especially important not to ignore it.
At CRN, our Virus & Malware Removal Norwich service can help check affected PCs and laptops for malware, unwanted software, browser hijacks and suspicious behaviour. If files have gone missing, become inaccessible, or the storage device is also showing problems, our Data Recovery Norwich service may also be relevant.
Why “it looks fine now” is not enough
One of the awkward things about modern malware is that it does not always announce itself.
Older infections often made a computer obviously slow, noisy, full of pop-ups or nearly unusable. Some still do. But many modern threats are quieter. They may try to steal browser data, saved logins or account sessions in the background, then disappear or wait for further instructions.
That means the absence of obvious symptoms does not prove the machine is clean.
If you followed instructions from a suspicious website, especially one involving Windows Run, PowerShell, Terminal or copied commands, it is sensible to get the machine checked even if it appears normal afterwards.
You can also find more practical repair and security advice on our Computer Repair Advice Norwich page.
How to reduce the risk
You cannot avoid every dodgy website or malicious advert, but you can reduce the risk.
Good habits include:
- keeping Windows and browsers updated
- using reputable security software
- avoiding unknown download links
- not installing browser extensions from random prompts
- checking website addresses carefully
- closing pages that use pressure or unusual instructions
- never running commands from a website unless you fully understand them
- keeping backups of important files
- asking for advice before clicking through something suspicious
For families, it is worth explaining this scam in simple terms: a website should not ask you to open a command box to prove you are human.
For small businesses, the same rule should be part of basic staff awareness. These attacks do not need someone to be reckless. They only need someone busy, distracted, or trying to get past what looks like a normal website check.
Need help after a suspicious CAPTCHA or browser warning?
If you are in Norwich or the surrounding area and you think you may have clicked a fake CAPTCHA, followed a suspicious browser instruction, or run a command from a website, it is better to stop and get the machine checked.
At Computer Repair Norwich, we can inspect the device, check for malware or unwanted software, review suspicious browser behaviour, and advise on the safest next step.
You can contact Computer Repair Norwich to arrange an appointment.


