Passaic Schools

We want to make you aware of an online scam called ClickFix that is targeting people across schools and workplaces. It is designed to trick even careful users, so we want to take a moment to explain what it is, what it looks like, and what you should do in the event you are targeted.

ClickFix is a trick where a fake pop-up or webpage tells you there’s a problem with your computer and gives you step-by-step instructions to “fix” it yourself. The page might look like it’s from Microsoft, Google, or another trusted company. If you follow the instructions, you unknowingly run a harmful program that can steal your passwords, install malware, or give attackers access to your computer.

Be on alert if you see any of the following:

• A pop-up saying your computer has an error, and you need “fix” it.
• Instructions to press Windows + R on your keyboard or open Terminal on Mac and paste in a command.
• A fake “I’m not a robot” verification step that asks you to copy and paste something.
• A simulated Windows Update or Chrome error telling you to run a command to finish an update.
• Any message creating urgency, pressuring you to act fast.

The key rule is that a legitimate website, will never ask you to copy and paste a command outside of your web browser. So, what should you do?

• Stop immediately – do not follow the instructions.
• Close the browser tab or window.
• Do not paste anything into any prompt, box, or command window.
• Report it to the IT Helpdesk.
• If you already ran a command, contact IT right away and do not shut down your computer – keep it on but disconnect it from Wi-Fi or unplug the network cable so we can investigate.

When in doubt, contact IT before clicking anything. We would rather get a false alarm call than deal with an incident.