"Clickfix is a method to bypass traditional anti-phishing techniques by luring victims into providing initial access to a network or system, thereby eliminating the need for malware to do so. Fake error messages, seemingly minor technical issue alerts, and more dubious messages -- such as apparently free ways to install licensed software -- are displayed to a victim alongside a simple step-by-step guide."
"Cybercriminals are shifting their techniques to focus on the human element, with Clickfix social engineering and AI abuse becoming even more popular. On Wednesday, Mimecast published its latest Global Threat Intelligence Report, which tracked threat activity and analyzed trillions of signals from January to September 2025. The report on modern cyberthreats includes the usual suspects: phishing, ransomware, exploitation of popular business tools like DocuSend, and industry-specific threats."
Cybercriminals shifted techniques to target the human element, increasing use of Clickfix social engineering and AI abuse. Mimecast tracked threat activity and analyzed trillions of signals from January to September 2025. Threats include phishing, ransomware, exploitation of business tools like DocuSend, and industry-specific attacks. Clickfix bypasses anti-phishing by prompting victims to provide initial access through fake error messages and step-by-step guides, often directing PowerShell commands that download information stealers or ransomware. Clickfix rates surged 500% in the first half of 2025 and accounted for about 8% of attacks. AI-enhanced BEC and phishing are making scams harder to detect.
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]