ClickFix attacks are rising - here's how to spot them
No, your browser doesn't need updating, and no - your computer is not infected.
There is a scam technique that’s gotten super popular in the last couple of months that I think you should be aware of.
It’s called ClickFix, and it often leads to people having their bank accounts cleared out. I’ve also seen reports of ClickFix being used to straight up destroy computers, steal sensitive business data, and take over social media accounts, which are later used to distribute more malware.
Different hacking groups are spinning ClickFix differently, so there is some variety to the technique. The core principle remains the same, though: you’re presented with a “problem” and immediately offered a “fix”. Hence the name - ClickFix.
Most of the time, the attack starts with a compromised website.
Let’s say a site you’re frequenting has poor security, and hackers managed to get admin access (it’s super common, by the way).
Once they get admin access, they create a pop-up message that’s displayed on some (or all) of the pages on that website.
That pop-up says “Your browser is out of date. To view the contents of this website, please update your browser.”
Or “Virus found on your computer. To remove the infection, click here.”
Or “To verify you’re human, complete this CAPTCHA”.
There are different implementations, and new ones are popping up every day, but the idea is the same.
When you click on the button offering the solution, you’ll jump through a few hoops and ultimately end up installing malware on your computer. Maybe you’re told to download something, or you’re told to copy a command and paste it into the Windows Run program.
Whatever the case may be - if you’re told to download and run anything on your computer - you’re being targeted with malware.
Just because the website you’re visiting wasn’t malicious yesterday - it doesn’t mean it can’t turn sour today. Sites get taken over all the time, mostly through vulnerable plugins that allow the attackers to install malware and gain admin access.
So, regardless of which website you’re visiting, always be on your guard for potential attacks.
- Get a solid antivirus solution running (Microsoft’s default Defender for Windows will suffice in most cases)
- Sit behind a VPN or a firewall if you can
- Don’t store your passwords in a Notepad or Word file - use a password manager instead (they’re free and do a great job at protecting your passwords)
- Use two-factor authentication for all important accounts (banks, social media accounts, business website, etc.)
- And don’t download stuff from shady sources - especially messages coming in via email or social channels. Check your sources first.
Here are just a couple of recent news reports discussing ClickFix and its different variants, if you want to learn more:
Until next time, stay safe out there!
Sead from SmallBiz CyberWiz
Header image grabbed from Proofpoint. Make sure to give their ClickFix analysis a read, too!