ClickFix is currently being deployed against school districts, hospitals, and businesses across the country, and security researchers say its reach is growing. Unlike traditional phishing attacks that rely on suspicious email attachments, ClickFix requires no download and no file to open. Instead, it manipulates the victim into running malicious code themselves.
How ClickFix Works
ClickFix is a scam where a website pretends something is broken on your computer, then walks you through "fixing" it yourself. These websites or pop-ups are designed to look urgent and official. Common disguises include:
- Fake CAPTCHA — "Verify you're human" prompts that asks you to follow extra steps instead of just clicking a checkbox
- Fake browser error — "Your browser is out of date" or "This page couldn't load — follow these steps to fix it"
- Fake document viewer — "Microsoft Word couldn't display this document — click Fix to resolve"
- Fake IT alert — A popup styled to look like a Windows security warning
After showing you the fake problem, the page tells you to:
- Press Windows Key + R (or open the start menu and search for “Run” or “cmd”)
- Paste something into the box that appears
- Press Enter
Instead of “fixing” the problem, you're actually pasting a hidden command that silently installs software giving a criminal remote access to everything on your device including your files, emails, passwords, and even your webcam.
ClickFix Example Messages
Refer to the slideshow below to see actual examples of ClickFix campaigns.
What To Do If You Encounter A Suspicious Website
If a website displays any of the warning signs above, stop immediately. Do not follow any instructions it provides, do not call any phone number it displays, and do not paste anything it shows you. Close the browser tab, then report the website to the I.T. Team. Even a partial URL helps us investigate!
Ways You Can Report:
- Submit a Helpdesk Ticket
- Call us at: (951) 736-5190
- Submit an incident report through CyberInsights.
What If I Already Followed the Steps?
Don’t panic, but do act quickly. The sooner we know, the more we can do. There is no judgment here, these scams are professionally designed to fool people. Reporting it fast is the right thing to do.
- Disconnect from Wi-Fi or unplug the network cable immediately. This severs the attacker’s connection before they can extract more data.
- Call I.T. right away: (951) 736-5190 Don’t wait, and don’t restart the computer first.
- Do not attempt to reverse or clean up the infection yourself.