ClickFix Social Engineering Is Becoming More Popular
KnowBe4, Tuesday, August 5th, 2025
ClickFix attacks have been around for decades; only the name is new. ClickFix attacks use social engineering to trick users into clicking on buttons and links that the user is told are needed so their browser or computer can perform some desired action.
The most common type of ClickFix attack example, and where the name itself comes from, is where a user intentionally searches for some sort of computer error they are having.say Windows error 1F0039a (I made that up), and the browser engine returns lots of links regarding that error.
Unbeknownst to the user, the internet search engine results have been gamed (i.e., 'poisoned') so that a simple search for a solution returns a malicious website high up in the results. Usually, the attacker has either created a fake website with the error message embedded in the website over and over (but not visible to users), or they have paid the search engine vendor to have their website returned when that particular keyword is searched on. Either way, the attacker's website link ends up high on the list of websites with solutions.