Cybercriminals are constantly changing their tactics, but one of the fastest-growing scams we're seeing is called ClickFix.
Unlike traditional malware that exploits software vulnerabilities, ClickFix tricks you into unknowingly installing malware yourself. The attack is disguised as a legitimate verification step or a solution to a fake computer problem.
It has quickly become one of the most common ways attackers gain access to small business networks.
ClickFix is a social engineering attack that convinces users to paste a malicious command into Windows.
A malicious webpage may pretend to be:
Instead of asking you to click a button, it instructs you to perform keyboard shortcuts that secretly execute malware.
The page typically instructs you to perform these three steps:
Press Windows + R
Press Ctrl + V
Press Enter
To make the request sound legitimate, the page may claim you need to:
If a website ever asks you to press Windows + R, you are looking at an attack. Full stop.
Here's what's really occurring behind the scenes.
Opens the Windows Run dialog, which can launch programs and execute commands.
Pastes a malicious command that the webpage secretly copied to your clipboard. It often begins with commands such as:
powershellmshtaExecutes the command, downloading malware or remote-access software onto your computer.
Within seconds, an attacker may be able to:
If you encounter a page like this:
Do not press any of the requested keyboard shortcuts.
If the page prevents you from closing it, press Ctrl + Shift + Esc to open Task Manager and force-close your browser.
Notify your IT department or managed IT provider.
If possible, take a photo of the screen with your phone before closing it. This helps identify and block the threat.
If you're wondering whether the page might be legitimate...
It isn't.
| Legitimate Website | Potential Attack |
|---|---|
| May ask you to click a checkbox or select images | Asks you to press keyboard shortcuts |
| Microsoft support works through Windows Settings or official support tools | A webpage tells you to open the Windows Run dialog |
| CAPTCHAs ask you to click images or "I'm not a robot" | A CAPTCHA tells you to paste commands |
| Error messages appear inside the application that's having the problem | A random webpage gives you keyboard instructions |
Our team recently responded to a real ClickFix incident involving one of our clients.
The employee wasn't careless.
The page looked professional, created a sense of urgency, and closely resembled websites people use every day.
That's exactly why these attacks are successful.
The best defense isn't better eyesight—it's knowing this scam exists before you encounter it.
Remember this simple rule:
No legitimate website will ever ask you to press Windows + R, paste a command, and press Enter.
If you ever see instructions like this:
There is no downside to reporting a suspicious webpage—but there can be serious consequences if you don't.
Cybercriminals are constantly changing their tactics, and attacks like ClickFix are just one example of how quickly new threats emerge.
That's why we publish our Cybersecurity Tip of the Week—a free weekly email designed to help business owners and employees recognize today's most common scams before they become tomorrow's security incident.
Each tip takes less than 30 seconds to read and provides practical, real-world advice you can put to use immediately.
Click the button below to subscribe and receive your free Cybersecurity Tip of the Week every Wednesday.