SECURITY HINTS & TIPS: Clickfix Attack

The ClickFix attack tries to trick you into helping the hackers bypass our security systems.

What is ClickFix?
Normally, when you visit a website, it might ask you to solve a CAPTCHA (like picking out all the pictures of traffic lights) to prove you aren’t a robot.

ClickFix mimics this process but adds a dangerous twist. Instead of clicking pictures, it tells you there is a “technical error” with the site and gives you instructions to “fix” it so you can see the content.

How the Attack Works
The goal of this attack is to get you to run a malicious command on your computer without realizing it. Here is the playbook they use:

1. The Prompt: You visit a website and see a pop-up saying a “verification check” or “fix” is required.
2. The Instructions: It asks you to press a series of keys on your keyboard, typically Win + R (which opens the “Run” box), followed by CTRL + V (to paste a hidden command), and then hitting Enter or clicking Run.
3. The Payload: By following these steps, you are actually manually executing a script that allows malware to bypass our automated browser security.

Red Flags to Watch For
A legitimate website or service will NEVER ask you to do the following:

• Press keyboard shortcuts like Win + R to “verify” your identity.
• Paste text into a system command box to fix a website error.
• Follow manual “fixing” instructions just to view a page.

What to do if you encounter ClickFix
If you see a prompt like this, don’t panic!

1. Stop: Do not press any keys or copy any text from the site.
2. Close: Exit the browser tab or close the browser entirely.
3. Report: Let the IT Team know. If you are unsure, it’s always better to ask!

What if I already clicked?
If you followed the instructions on a suspicious site, please contact the IT Service Desk immediately. We will help you secure your account, reset your password, and check your device to ensure everything is clean.