A 22-year-old college student from Toronto has shared a warning with netizens after being targeted by a popular scam tactic.
Alexandra, who requested to be identified by her first name in a message to Newsweek, shared her experience on Reddit, attaching a photo of a pop-up that appeared on her computer screen, asking her to complete several steps to prove she wasn’t a robot.
The problem, however, is that the prompts she was instructed to follow would download and execute code to install malware on her device, a popular scam tactic.
“I can see so many people falling for this,” Alexandra wrote. “It’s evil.”
What is a ClickFix Attack?
ClickFix is a dangerous malware attack that has increased in popularity over the past few years, preying on unsuspecting users who have grown used to clicking through CAPTCHA tests to prove they aren’t a robot.
Users are often redirected to a bogus page, where fake CAPTCHAs are presented to solve, or users are prompted to follow instructions that run and execute a harmful program on the computer in the Windows Run or macOS terminal.
Once users have infected their own device with the malware, attackers can bypass security controls and harvest sensitive user data.
The best way to avoid ClickFix attacks is to be aware of them—question unexpected prompts skeptically, make sure your device is updated, and verify the legitimacy of prompts before you execute them.
Alexandra, a former PC shop employee who has built PCs, told Newsweek she had been in class when she saw the pop-up, and when she showed it to her classmates, she found it “pretty spooky that most of them weren’t aware of the issue.”
“I know Win + R opens Dialog and pasting something you don’t know is very stupid,” Alexandra told the publication. “I have had to open and run things on Dialog before.”
She noted that she was “genuinely shocked” that her post went so viral.
‘So glad’
“I shared this on Reddit because I thought of my mom, who would easily fall for this,” she explained. “She’s not very computer-literate, and I was hoping sharing could prevent at least one person from getting their device hacked.”
“I haven’t been trained in cybersecurity or anything,” she added. “I’m literally just a 22-year old college girl who likes computers/tech, hence my former job and PC background.
“I’m so glad I didn’t fall for it.”
‘Panic’
Reddit users flocked to the comments to weigh in, with many sharing their own experiences with ClickFix schemes.
“Was once 30-something hours without sleep and autopilot did one of these without thinking for a supposed verification I needed,” one recalled.
“I realised and fully woke up on the spot like 2 minutes later in panic. Antivirus caught and purged it, and I did a rollback and password resets to be safe, so it was fine.”
Another gave some practical advice: “If you see these instructions, just close the website, copy some random text from anywhere to clear the clipboard and you’re good.”
Newsweek has reached out to cybersecurity experts for comment via email.
About the Author
Discover more from USA NEWS
Subscribe to get the latest posts sent to your email.
