BSides Vancouver 2026

ClickFix and FakeCaptcha attacks represent sophisticated social engineering tactics designed to deceive users into performing unintended actions, such as downloading malware or facilitating unauthorized transactions. By exploiting user trust through realistic CAPTCHA prompts or deceptive "click-to-fix" scenarios, attackers are able to bypass traditional security defenses, resulting in malware infections, data theft, or financial losses. 
 
This presentation provides a technical overview of current ClickFix and FakeCaptcha attack methodologies, including the novel “EtherHiding” technique. The talk will walk through analyses of real-world incidents, discuss the variations of FakeCaptcha attacks and outline various payloads as well as present indicators of compromise. Attendees will learn effective detection strategies, proactive prevention techniques leveraging threat intelligence, and practical steps organizations can implement to safeguard users against this evolving cyber threat.