Security Awareness: Be Alert for ClickFix Verification Scams

From Coachella Valley MVCD
 
The Information Technology Department would like to make everyone aware of a growing cyber threat known as the ClickFix Scam.
 
ClickFix is a social engineering technique used by cybercriminals to trick users into infecting their own computers with malware. Unlike traditional phishing emails, this attack often appears on what looks like a legitimate website. In many cases, the website itself has been compromised, causing an otherwise trusted site to display a fraudulent verification message.
 
The fake verification screen may claim that you must “Verify you are human” or “Complete a security check” before you can continue. It then instructs you to press Windows + R, open a command window, Terminal, PowerShell, or Command Prompt, paste a command that has been copied to your clipboard, and press Enter.
Please remember the following:
  • A legitimate “Verify you are human” or CAPTCHA challenge will never ask you to open Windows Run, Command Prompt, PowerShell, Terminal, or any other system tool.
  • Windows does not use a verification window that requires users to run commands to prove they are not a robot.
  • The command that is copied to your clipboard is typically hidden from you, meaning you do not know what is actually being executed on your computer.
  • Running the command can download and install malware, ransomware, password stealers, or other malicious software that may compromise both your computer and the District’s network.
If you encounter a webpage that instructs you to run a command on your computer to verify your identity or prove you are human:
  1. Do not press Windows + R or open any command-line application.
  2. Do not paste or execute any command.
  3. Close the browser window immediately.
  4. Contact the Information Technology Department before continuing.
Your awareness is one of the most effective defenses against cyber threats. If something does not seem right or you are unsure whether a message or webpage is legitimate, please contact your district’s Information Technology Department.