Beware of ClickFix Attacks

FIT Information Technology Information Security

ClickFix attacks are surging—and fast. They’ve become the second most common social engineering scam, right behind phishing. But unlike phishing, which tricks victims into clicking a bad link, ClickFix tricks victims into essentially hacking themselves.

Hackers don’t need to break into a system using complex code or exploit vulnerabilities. Instead, they rely on a simple formula: click, copy, paste—and the victim has unknowingly opened the door.

Here’s how it usually works

The victim sees a fake warning. A pop-up or webpage says something like “Your browser is broken” or “Security update required.” The message will look official and will often mimic trusted brands like Google, Microsoft, or antivirus software. The pop-up instructions will say something like, “Copy this command and paste it into your computer’s command line or terminal,” and once run, that command can install malware, steal data, or grant remote access to the computer.

Often, this command evades traditional signature-based antivirus software because the victim launches it by hand inside a legitimate system tool rather than by opening a malicious file. It is also hard to trace, because these attacks often run in memory and leave no files behind.

In Portugal, government workers were tricked into running commands that launched malware through fake tax authority pages. In Switzerland, users of a popular marketplace were lured into fake CAPTCHA pages that installed remote access tools. Even healthcare facilities in the U.S. were hit—over 300 were compromised by ClickFix campaigns disguised as medical software updates.

ClickFix attacks first appeared in late 2023 and exploded in popularity through 2024 and 2025. Cybersecurity experts report a 500% increase in just one year. Today, it’s one of the top ways hackers infiltrate systems, second only to phishing.

How to stay safe

  • Never copy and paste commands from random websites.
  • If a message says “fix this now,” it’s important to stop, think, and analyze before taking any action.
  • Real updates do not ask for Terminal or PowerShell use.
  • Using a “behavior-based” endpoint protection software, such as CrowdStrike Falcon Go or Microsoft Defender, on your home computers provides better security.

ClickFix attacks are deceptive—but they rely on one key factor: the victim’s willingness to follow instructions without questioning their source. The most effective defense is awareness. If something seems suspicious, trust your instincts and avoid taking action.

Rakesh Kumar

AVP of IT Infrastructure Services and Chief Information Security Officer
Information Technology
Fashion Institute of Technology
333 Seventh Ave, 13th floor
New York, NY 10001
(212) 217-3403

About Cybersafe

The Division of Information Technology is dedicated to protecting the FIT community from the latest cybersecurity threats by providing warnings and creating awareness through training and information-sharing. Visit fitnyc.edu/cybersafe for more information. And stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.
