Imagine you’re browsing the internet on your phone and click on a website to read more. Suddenly, a pop-up appears asking you to verify your identity before continuing. It provides instructions on what to do next and where to go. You might be tempted to follow these steps to quickly access the site, but something about it feels off. What should you do?
This situation is a classic example of a cyberattack known as ClickFix. These attacks typically appear as pop-ups claiming you must verify your identity, update your app, register before proceeding, or fix a supposed technical error by following certain steps. Regardless of the message, the goal is the same: to trick users into performing an action that leads them to a malicious site or command. The attack only succeeds if the victim takes the bait.
The National Security Agency (NSA) has warned that ClickFix is one of many popular tactics hackers use to infiltrate devices. While it once primarily targeted computers, this method is now spreading rapidly to smartphones, including both iPhones and Androids. If you ever see an unexpected pop-up or message on your phone, the agency advises not to interact with it under any circumstances.
What To Do If You Encounter a ClickFix Popup
If a suspicious pop-up appears on your device asking you to act, such as verifying information or updating software, do not engage. You can’t assume that it’s safe. Instead, follow these steps:
• Close all open apps and return to your home screen immediately.
• Do not attempt to close the pop-up or press any buttons within it.
• If possible, restart your device to ensure the pop-up process ends.
Additional Steps to Protect Yourself
To further safeguard your data and privacy:
• Avoid discussing personal or financial details like banking information or passwords over text messages.
• Never open attachments or click links in emails or texts from unknown senders.
• Limit app permissions, especially location access, only to those you fully trust and only when necessary.
• If you suspect a pop-up might have been legitimate, close all apps first, then directly contact the company through official channels to verify it.
Cyber threats like ClickFix rely on user interaction to succeed. Staying cautious and knowing when not to click can make all the difference in protecting your information and your phone.