Click-fix online test page: start the test to see if a real hacker would infect your system

About ClickFix Attacks

Cybercriminals have found an advanced new way to infect computers with harmful malware. ClickFix attacks target unsuspecting online users, tricking them into inputting malicious code by creating false crisis situations. How can you recognize this increasingly common form of cyber attack and what precautionary measures can you take to avoid falling victim to cyber criminals?

What are ClickFix attacks?

ClickFix attacks target victims by creating false crisis situations and a sense of urgency. Online users receive notifications that their browser needs to be updated (e.g. ‘click here to repair’), Microsoft or Google error messages (e.g. ‘contact support’), email attachments that lead to error messages (e.g. ‘to access this document, follow these instructions’) and even fake messages about their security systems (e.g. ‘your account has been hacked, protect it NOW’). Another common strategy employed by cybercriminals is fake CAPTCHA-verification, where the verification continuously fails and users are asked to ‘follow these steps’ for access.

Cognizant readers will have noticed a pattern by now: all of these ClickFix attacks create a problem which the victim has to ‘fix’ by clicking or inputting something. Once they do, they are unknowingly installing malware.

Because the victim is inputting their own commands, this form of cyberattack bypasses antivirussoftware and other traditional security measures, making it a particularly dangerous and advanced form of cyberattack.

How do I recognize a ClickFix attack?

There are a few easily recognizable red flags that indicate that something might be a ClickFix attack. Extreme urgency (‘do it now or lose access!’), unexpected error messages on sites that normally work, having to do something you have never had to do before or only being shown one way of solving a ‘problem’ are among the most common. Moreover, if the solution to a simple problem seems unusually technical and complex, this can be a clear sign that something is off.

More technical ‘tells’ that something is wrong:

  • You are asked to open ‘Windows+R’, ‘PowerShell’ or ‘Command Prompt’
  • Instructions include terms like ‘powershell.exe -w hidden’, ‘curl’ or ‘Invoke-Expression’
  • You have to copy-paste something into a system tool using Ctrl+V
  • Code contains Base64-encoding (long series of random letters and/or numbers)
  • Messages contain long and unclear commands that you have to copy

Lastly, there are a few recognizable visual signs that something could be wrong. If screenshot-instructions are very detailed, manuals contain step by step (numbered) instructions or if you recognize famous logos and colors, but the URL is wrong, these are all signs of advanced ClickFix attacks.

Click-fix online test page: start the test to see if a real hacker would infect your system

If you want to try for yourself press here

Try it!

What happens when a ClickFix attack hits you?

ClickFix is a very effective attack method, which is why hackers use it so widely. Once inside, hackers gain full control of your computer and could:

  • Launch ransomware attacks
    You could receive a notification that all your documents and photos are encrypted. Only if you pay will they promise to decrypt them.
  • Steal your identity documents
    Many people have unprotected passports, driving licences, and ID cards on their computer or, often forgotten, in their mailbox. Hackers could copy these documents and steal your identity to take out loans, purchase goods, commit crimes, or perform other fraudulent acts in your name.
  • Send spam from your device
    Hackers earn money from spam campaigns. They could use your device to send millions of emails. As a result, your internet connection could be blocked by your provider, and your email or domain addresses could be blacklisted.
  • Activate your microphone or camera
    With full system access, hackers could enable audio or video recording without your knowledge.
  • Access your passwords
    If you store passwords insecurely (in text, Word, or Excel files) or in your browser without a proper password vault, hackers could access and use them. Even if you don’t store passwords this way, they could install a keylogger to capture them—it just takes a bit longer.


Conclusion:
The possibilities are endless. There are countless ways hackers could harm you financially or emotionally. This is why protecting yourself against ClickFix attacks is critical.