ClickFix is changing the economics of social engineering

Jul 15, 2026 - 14:00
ClickFix is changing the economics of social engineering

ClickFix has moved from a one-off social engineering trick into an industrialized attack ecosystem that is outpacing conventional antivirus and endpoint defenses, according to ReversingLabs. The technique first showed up in late 2023 and early 2024, and Proofpoint named it in mid-2024. The method skips exploits and vulnerabilities entirely. A fake webpage, styled as a CAPTCHA check, browser update notice, or meeting error, instructs a visitor to open the Windows Run dialog or macOS Terminal, … More

The post ClickFix is changing the economics of social engineering appeared first on Help Net Security.