You are on your phone looking through websites. You click on one that you want to read more information on when a popup comes up. It says that you need to verify your identity before proceeding to the website. It gives you steps to take on where to go and what to do. You want to quickly move past this and get to the site, but this popup is very out of the ordinary. What do you do?
This is an example of a cyber attack referred to as ClickFix. These take the form of popups that say things like you need to verify your identity, you need to upgrade the app you are using, you need to register before proceeding, or that the website has a technical error and you need to go elsewhere to fix it. Despite the varied forms they might take, they have a set formula. They want the targeted victim to perform a specific command and go to another digital location. These attacks rely on the victim’s actions to complete the crime.
The National Security Agency (NSA) warns that ClickFix is one of many common ways hackers will attack your computer. Recently, though, this type of attack has spread to iPhones and Androids. If anything unexpected comes up on your phone, do not interact with it. There are key steps you can take and certain things to look for to protect yourself. However, some of these ClickFix attacks are very well disguised.
What to do if you see a ClickFix popup
If a popup comes up on your phone prompting you for some action, do not take it. You can’t automatically trust that it is secure. It is best to close out all of your apps and go back to the home screen. Don’t try to close the popup or try to click away from it. Simply close everything down.
There are some other steps you can take to stay safe. Avoid talking about personal information on your phone, such as texting your partner about banking information or passwords. Don’t respond to unknown texts or emails, and especially don’t open any attachments or click on any links within them. Only let apps you trust have access to your location, and only when necessary. If you think a popup might have been legitimate, it is still fine to close out all apps and then reach out to the company it supposedly came from to verify its source.
If you think you followed popup directions from a ClickFix attack, take swift action to protect yourself. Change your passwords so that nobody else can log in to your accounts. Contact your bank and let them know you might have been the victim of an attack so they can be on the lookout for suspicious activity and stop it. Use the functions of your smartphone or an app to scan for viruses and remove them. You can even use Google to scan the dark web for your email address.
Examples of ClickFix crimes
Microsoft takes security seriously for its users and provides a lot of advice on types of cyber attacks. Microsoft identified a ClickFix attack in May 2025 targeting government, financial, education, and transportation organizations. It took the form of an email with a ZIP file. Once opened, it sent victims to a fake authoritative website, such as a tax agency, and prompted users to copy and paste command codes. Always be careful about emails that you open.
The Lazarus Group, a known cyber-crime group, has posed as employers seeking to hire people within the crypto industry. They would even have people interview for a fake job with a fake hiring manager. During this process, they would attempt to have the victim click on links or download infected files. It’s a really sad thing to target people who are hopeful about a job opportunity.
Another ClickFix attack posed as one of those typical messages that have you verify that you are human, such as the Google CAPTCHA or Cloudflare checks that you are used to seeing on certain websites. The attack replicated these messages exactly, so nothing raised a red flag for victims as they began the process. However, it would then tell its victims that, to complete the verification process, they needed to follow certain keyboard commands, which would open another popup. Always be on the lookout for unusual messages on your smartphone to avoid being a ClickFix attack victim.