Beware This Scary Hacking Tactic

Beware This Scary Hacking Tactic: a reader asked…

I received this popup in my browser when visiting a website on my Windows computer. After reading your articles on scams and hacking, I’m much more careful about clicking on things automatically, but this looks real, like it comes from Microsoft Edge. Is it, or is it a scam?

This is one of a new type of phishing hacks that criminals are using. It’s called a ClickFix attack, targets Windows Users, and you need to close Edge and then reboot your PC. If you then run Edge and it pops up again, close that browser tab (or open a new browser tab and close the bad one), then close Edge and reboot your PC.

This kind of hacking attempt can be in a popup in Edge or elsewhere. The common aspect is you’re being asked to press the Windows Key and the “R” key, and then paste using Ctrl and the “V” key. This can be worded differently, but is the same kind of attack. What that does is open a Run window in Windows, and then executes the malware script which you (without knowing) copied to your clipboard when you clicked the Copy Fix button.

People who design websites can create whatever display they want, and the popup box in your case was designed either by the webmaster of that site, or by a hacker who gained access and control over that website. While it looks like a popup box, it’s just a specially-formed web page that opens in a new window, similar to how you can click on an image in this website and that opens a new tab with a larger version of the image.

Don’t fall for this, or any other type of scam. Legitimate websites get hacked every day, mostly because so many small businesses (and even not-so-small) setup their website without any security. For you webmasters out there, please, please, please install a good website security product. I can recommend Solid Security Pro, from SolidWP. It takes a bit to get this configured to secure your website, but it’s well worth the investment in time. Also worth your time is going through the documentation to understand how it works and how to set it up. See https://solidwp.com/documentation/security/setup-guide/.

You can read more about ClickFix attacks in this Infosecurity Magazine article and it is growing rapidly, affecting both consumers and business users. Over the last year attacks have ramped up significantly, with Infosecurity noting that the last six months have seen a 517% growth in this type of social engineering attack.

I think for anyone using the internet these days, you have to use it with a certain amount of paranoia. Criminals are so successful at hacking us because we are in general a trusting species, particularly when it comes to working with something about which we are not very well-versed, such as how the internet and modern technology works. By ‘paranoia’, I mean that anything you see on your computer that is not familiar to you should be considered a potential threat. Any popup, unsolicited email or text message, any website (yes, even this one) has a potential criminal lurking behind it, trying to hack your digital life. Well, maybe not this website, I work very hard at protecting this site from hacks. But even if you see something that looks familiar, most of these hack attempts are trying to get you to click something, go to a website, call a number, or do something – all can be setup to hack your digital life. Be wary, and be safe.