Picture this: You visit a website, and a pop-up says your computer has a technical problem. To fix it, the page says to press Windows + R, paste a short command, and hit Enter. It looks official.
If you follow those steps, you’ve just installed malware on your own machine as part of a scam called “ClickFix.”
Why it works
ClickFix is effective precisely because it bypasses the things security software is designed to catch. There are no suspicious email attachments or strange downloads, just instructions that appear legitimate to unwitting victims. The attackers behind it exploit people’s instinct to fix problems quickly, especially when they believe something is wrong.
What to watch for
Any website that says to open a command window, paste text into it and press Enter may be attempting a malware attack. Legitimate services will never suggest doing this.
If you see a prompt like this, stop and follow these steps:
- Close the browser tab immediately.
- Do not paste anything into a Run dialog or terminal.
- Report the site or email that brought you there to the IT Service Desk at 303-605-7000 or through the ITS portal.
- If you already ran a command, contact the IT Service Desk right away. Quick action limits damage.
Sources
Microsoft Security Blog (Aug. 2025)