As your IT and security team, it is our job to keep businesses safe from cyber threats. Today, we want to warn you about a dangerous new trick hackers are using called “ClickFix.” This isn’t a normal phishing email with a bad link. ClickFix is a clever trick designed to confuse your employees by pretending to fix a common computer glitch.

How the ClickFix Scam Works…

Imagine an employee is trying to join a Google Meet, open a Zoom call, or view a shared document online. Suddenly, a window pops up that looks exactly like a normal error message or a security check.

The message might say something like:

• “Your browser needs a quick update to view this page.”
• “Microphone error. Click here to fix it.”
• “To prove you are human, follow these steps.”

Usually, security software blocks bad files from downloading. The hackers know this, so they try a different trick.

Here’s an actual example that landed in our inbox:

This isn’t from  a company that we’ve ever done business with,  but the link is from an actual, credible business. Maybe they got hacked too!

If you click on the Order link, you see a message like this:

If you click on the box or “Hold to verify” (which is a just like a click), you’re opening yourself to a world of pain!

The popup tells the user to click a button that copies a hidden piece of code. Then, it gives them step-by-step instructions to open a built-in computer tool (like the Windows “Run” box or Mac “Terminal”) and paste that code.

The Trap: The moment the user pastes the code and hits Enter, they aren’t verifying anything. They are accidentally giving a command to download malware or ransomware, completely bypassing the computer’s normal defenses.

Why Is It So Dangerous?

Hackers love this trick because they get the user to do the hard work for them. Security software is great at stopping unauthorized downloads. But when a real user manually types or pastes a command, the computer assumes it is safe and allowed.

Even worse, hackers have broken into hundreds of normal, safe websites—like school or tech blogs—to hide these fake popups. This means your team could run into this trap on a website they visit every day.

3 Simple Rules to Keep Your Team Safe:

Please share these easy safety steps with your staff today:

1. Never Copy and Paste Commands from a Website: Real companies like Google, Zoom, or Microsoft will never ask you to open a “Run” box or Terminal to fix a website error.
2. Watch Out for Fake Urgency: If a website suddenly claims your browser is broken and tells you to run a manual “fix,” close that website tab immediately.
3. When in Doubt, Ask Us: If an employee sees a strange error message and isn’t sure what to do, tell them to pause and contact our helpdesk. Taking one minute to let us check it out can save your business days of headache and downtime.

How We Are Protecting You…

While hackers are getting more creative, we are constantly upgrading your defenses. We have tools in place to watch for strange commands running on your computers, and we block known hacker websites before your team can even visit them.

Technology is only half the battle—awareness is your best defense. By staying alert, we can keep your business secure together.

Want to learn more about how to train your team to spot these tricks? Reach out to us today!