A new phishing campaign utilizing Windows PowerShell and fake CAPTCHA tests has been identified. The campaign is designed to trick users into downloading and installing the Lumma Stealer malware, which steals credentials. According to McAfee researchers, the fake security test manipulates users into believing they are completing a legitimate CAPTCHA. This method has been particularly effective against users searching for pirated PC games. The phishing campaign has scary potential and has been seen in attempts sent via Paperless Post.