What Is ClickFix?
ClickFix is a social engineering technique that emerged in 2024 and has since evolved into one of the more insidious attacks circulating online. Its effectiveness stems from a simple but devastating concept: making you do the dangerous part yourself.
Scammers display fabricated warnings that closely resemble CAPTCHA verification prompts, browser error messages, or system fix instructions. They then direct you to copy a piece of code and paste it into your computer's Run dialog (Windows + R), PowerShell, or Terminal window.
Once executed, the command silently installs malware — potentially compromising your passwords, financial credentials, or giving attackers full control over your device. No suspicious file download required. No security warning triggered. Just you, following instructions.
Why it works: Because you ran the command yourself, many security tools do not flag it as suspicious. The attack bypasses traditional defences by using the victim as the delivery mechanism.
What to Look Out For
- Pop-ups claiming browser verification, errors, or urgent fixes are needed
- Requests to press Windows + R, open PowerShell, or open Terminal — especially if instructions include cryptic code or commands starting with "powershell"
- Suspicious CAPTCHA screens appearing on unexpected pages or on sites that do not typically require verification
- Instructions to paste lengthy code strings into any command tool
- Pressure tactics using phrases like "Do this now or lose access" or "Your account will be suspended"
How to Protect Yourself
- Never paste commands from a website into your terminal, Run dialog, or PowerShell unless you fully understand what the command does and completely trust the source
- Be highly sceptical of CAPTCHA-like prompts on questionable websites — real CAPTCHAs never ask you to run code
- Keep your browser and operating system updated — modern versions include protective features against known attack vectors
- If something feels wrong, close the browser and run a device scan before continuing
- Share this awareness with colleagues and family — legitimate fixes never involve executing mysterious code
Golden rule: No legitimate website, service, or support team will ever ask you to open a command window and paste code into it as part of a normal fix or verification process.