Microsoft Warns of Rising ‘ClickFix’ Attacks That Trick Users Into Executing Malicious Code
A new social engineering technique called ClickFix is becoming cybercriminals’ favorite initial access method, accounting for nearly half of attacks tracked by Microsoft. Unlike traditional phishing, these attacks convince users to copy and paste malicious commands that execute fileless payloads invisible to security tools.
Social Engineering Attack Bypasses Traditional Security Measures
Security researchers at Microsoft are warning about a sophisticated social engineering technique that tricks users into hacking their own systems, according to the company’s latest Digital Defense Report. Dubbed “ClickFix,” this method has become the most common initial access vector for cybercriminals, accounting for 47% of attacks tracked through Microsoft Defender Experts notifications over the past year.