Cybercriminals are using a tactic called ClickFix to trick people into compromising their own devices. These scams use fake error messages, security warnings, or fake CAPTCHA verification prompts that tell users to take steps to “fix” a problem.

One common trick is instructing users to press Windows + R to open the Run box, then press Ctrl + V to paste a command the attacker has placed on the clipboard. If you follow these steps, you may end up running malicious code without realizing it.

What ClickFix Looks Like

A ClickFix attempt may:

• Claim your browser or computer has an issue
• Appear as a fake CAPTCHA or verification check
• Tell you to press Windows + R
• Instruct you to press Ctrl + V and then hit Enter
• Ask you to copy and paste a command into PowerShell, Command Prompt, Terminal, or Run
• Prompt you to install a fake update
• Use urgent language like “fix this now” or “action required”

These prompts are designed to make harmful actions seem like normal troubleshooting.

What to Watch Out For

Be cautious if a website, pop-up, or email asks you to:

• Complete a CAPTCHA by following unusual steps
• Use keyboard shortcuts like Windows + R
• Paste something with Ctrl + V
• Run commands on your computer
• Download unexpected software
• Take immediate action to fix a supposed issue

A legitimate website or service should never ask you to open the Run box, paste in a command, or complete a CAPTCHA by running commands on your computer.

How to Stay Safe

• Do not press Windows + R and paste commands from a website
• Do not use Ctrl + V unless you know exactly what is being pasted
• Be cautious of CAPTCHA prompts that ask you to take actions outside your browser
• Do not install software from unexpected prompts
• Close suspicious tabs or browser windows
• Only download updates from trusted, official sources
• If you are unsure, contact the OIT HelpDesk or your IT Admin

If You Suspect You Were Targeted

If you followed instructions from a suspicious website or prompt, report it right away to Information Security (ISO), contact the OIT HelpDesk, or reach out to your departmental IT Admin. The sooner the incident is reported, the faster the risk can be contained.