Threat actors are constantly evolving their tactics to be more convincing. We want to draw your attention to a sneaky social engineering technique called ClickFix that cybercriminals are using to trick unsuspecting users.
Here’s what you need to know to stay safe:
What is ClickFix?
ClickFix involves fake error messages that pop up on your screen, urging you to copy, paste, and run commands to “fix” a supposed issue. These messages can appear from compromised websites, malicious emails, or even infected documents.
How Does It Work?
- Fake Error Message: You receive a pop-up or dialog box with an error message.
- Instructions to Fix: The message provides detailed steps, often asking you to copy and paste a command into your terminal or command prompt.
- Malicious Code Execution: By following these instructions, you unknowingly execute malicious code, giving attackers access to your system.
Why is it Dangerous?
- Bypasses Security: Since you are the one executing the command, it can bypass many security measures.
- Data Theft: Attackers can steal sensitive information, install malware, or gain control of your system.
- Widespread Impact: This technique can be used in various environments, from personal computers to corporate networks.
How to Protect Yourself:
- Be Skeptical: Always question unexpected error messages, especially those asking you to run commands.
- Verify Sources: Check the legitimacy of the message by contacting your IT department or the software provider directly.
- Update Software: Keep your operating system and software up to date to protect against known vulnerabilities.
- Use Security Tools: Employ antivirus and anti-malware tools to detect and block malicious activities.
Immediate Actions:
- Contact IT Security or your department IT: If you’re using a work computer, inform your IT or security team right away so they can take appropriate measures.
- Disconnect from the Internet: This can help prevent further malicious activity and data exfiltration.
- Do Not Follow Any Further Instructions: Stop executing any commands or following any steps provided by the suspicious message.
- [Personal Devices] Run a Full System Scan: Use a reliable antivirus or anti-malware program to scan your system and remove any detected threats. [Good news! CrowdStrike is actively blocking the process execution on your work-issued computers.]
- Change Your Passwords: If you entered any login credentials, change your passwords immediately, especially for sensitive accounts like email, banking, and social media.
Long-Term Steps:
- Monitor Your Accounts: Keep an eye on your financial and online accounts for any unusual activity. Consider setting up alerts for suspicious transactions.
- Enable Multi-Factor Authentication (MFA): This adds an extra layer of security to your accounts, making it harder for attackers to gain access even if they have your password.
- Update Your Software: Ensure your operating system, browsers, and all software are up to date to protect against known vulnerabilities.
- Educate Yourself and Others: Learn about common phishing and social engineering techniques to avoid falling for similar scams in the future. Share this knowledge with friends, family, and colleagues.
By taking these steps, you can help protect yourself and your data from further harm. If you need more detailed guidance or assistance, feel free to ask!
Stay vigilant and share this information with your colleagues and friends to help them stay safe from ClickFix scams!
If you have any questions or need further assistance, feel free to reach out to security@uchicago.edu!
Sources
Want to learn more? These articles cover this social engineering technique in more detail.
- https://www.reliaquest.com/blog/new-execution-technique-in-clearfake-campaign/
- https://www.reliaquest.com/blog/using-captcha-for-compromise/
- https://www.proofpoint.com/us/blog/threat-insight/security-brief-clickfix-social-engineering-technique-floods-threat-landscape
- https://www.infosecurity-magazine.com/news/clickfix-cyber-malware-rise/