Cybercriminals are increasingly using a social engineering attack called ClickFix, which manipulates victims into unknowingly initiating cyberattacks on their own systems. According to Microsoft’s 2025 Digital Defense Report, ClickFix has become the most common initial access technique, recorded in 47% of attacks tracked by Microsoft Defender Experts over the past year. This rise is largely attributed to attackers’ growing ability to bypass traditional anti-phishing protections and successfully exploit human behavior.
What is ClickFix?
ClickFix is a deceptive tactic that capitalizes on users’ desire to solve perceived simple technical problems. It typically starts with a phishing email or fraudulent website designed to look like a legitimate service—one notable example was seen in spoofed Booking.com emails during the 2024 holiday season.
The victim is prompted through a fake notification to resolve an issue, often by copying and pasting a code snippet or clicking through a sequence mimicking technical support instructions. Unbeknownst to t
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: