"The report on modern cyberthreats includes the usual suspects: phishing, ransomware, exploitation of popular business tools like DocuSend, and industry-specific threats. However, two trends highlight a shift in tactics targeting the human element in scams, which are honing in on victims with greater efficiency. Clickfix rates surge Many cybersecurity companies and tech giants, including Microsoft, are alerting users to Clickfix -- a social engineering technique that is being adopted by threat actors worldwide."
"Clickfix is a method to bypass traditional anti-phishing techniques by luring victims into providing initial access to a network or system, Fake error messages, seemingly minor technical issue alerts, and more dubious messages -- such as apparently free ways to install licensed software -- are displayed to a victim alongside a simple step-by-step guide. Unfortunately, these "guides" direct users to launch PowerShell and input commands that trigger the download of a malicious payload, including information stealers and ransomware."
Mimecast tracked threat activity and analyzed trillions of signals from January to September 2025. Phishing, ransomware, exploitation of popular business tools like DocuSend, and industry-specific threats remained prevalent. Two notable trends targeted the human element: Clickfix social engineering and AI-enabled business email compromise (BEC). Clickfix lures victims with fake error messages and step-by-step guides that prompt PowerShell commands, triggering downloads of information stealers and ransomware. Clickfix incidents surged about 500% in early 2025 and accounted for roughly 8% of attacks. Cybercriminals increasingly use AI to craft more convincing phishing and BEC attacks, complicating detection and defense.
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]