Skip to main content


Repost Message will copy the article into draft mode and enable you to edit/change dates and information.
Do not change the dates of this posting because it will affect the original.
valid_elements: 'strong/b,p,br,i,em,ul,ol,li[style],a[href|target]',

MCC Daily Tribune

Tech Alert: Watch Out for Fake CAPTCHA Pages

You’ve seen CAPTCHA prompts before, the familiar “I’m not a robot” checkbox or image puzzles websites use to confirm you’re human. Attackers are now using convincing fake CAPTCHA pages to trick people into unknowingly running malicious commands on their computers.

How the scam works

You click a link, often from an email, a website, or a search result, and a page appears that looks like a routine CAPTCHA check. Instead of simply asking you to check a box or select images like red lights or bicycles, the fake prompt instructs you to:

  • Press a keyboard shortcut (such as Windows key + R)
  • Paste text into a box that opens
  • Press Enter

If you follow these instructions, you’ve just executed a malicious command on your computer.
This technique works because it feels routine and authoritative. While security software may block what gets downloaded, the safest defense is not following these instructions in the first place.

Important to know:

No legitimate CAPTCHA will ever ask you to press keyboard shortcuts, run commands, or paste anything into your computer.

Red flags to watch for

  • A CAPTCHA that asks you to press key combinations or open anything on your computer — real CAPTCHAs never do this.
  • Instructions to press Windows + R, open a “Run” box, or paste commands into a Run dialog, Command Prompt, or PowerShell window.
  • Urgent language such as “Complete verification to continue,” especially with timers or warnings.
  • A CAPTCHA that appears after clicking an unexpected or unsolicited link.

What to do

  • Stop immediately and close the browser tab.
  • Do not copy or paste anything from a web page into the Run dialog, Command Prompt, or PowerShell.
  • If you followed any of the steps described above, your computer may have been compromised. Please contact Employee Technical Support right away at ext. 8324, option 3.

Prompt reporting safeguards both you and MCC systems.

Stay engaged and alert. Slow down when something feels off. Review the tips from Take 9 and Pause Before You Click.

When in doubt, stop and call Employee Technical Support, Monday through Friday, 8:45am to 4:45pm, at (585) 292-TECH (8324).

Scott Broberg
Communications and Network Services
06/02/2026