Watch Out for ClickFix Attacks

You’re trying to print a document, and it fails. A moment later, a message appears from the “IT helpdesk” telling you to type a short command into the Windows Run window. It feels like a simple, logical fix — but by running the command, you’ve just given an attacker access to your computer.

This new type of scam is called a ClickFix attack. Instead of tricking you into clicking a link, criminals convince you to type a command yourself. The command looks harmless but actually installs malware that lets attackers take control of your screen, copy files, and record your keystrokes.

The trick works because it feels like you are fixing the problem. No suspicious links, just a simple step that makes sense in the moment. To make matters worse, hackers often know what issue you’re experiencing, thanks to data from infected websites or apps. This makes their fake “helpdesk” messages seem even more convincing.

What you should do

• Never run commands from an email or chat. If in doubt, contact your IT team directly.

• Stay alert to “too perfect” help messages that appear right after an error.

• Only install apps from trusted app stores to reduce the risk of infections.