Reimagining Cyber - real world perspectives on cybersecurity

ClickFix Chaos! - The Evolution of Social Engineering

Show notes

ClickFix is a fast-growing social engineering technique appearing in malware campaigns, compromised websites, fake CAPTCHA prompts, and browser verification scams. 

In this episode, Tyler Moffitt explains how attackers compromise legitimate sites by exploiting an unpatched CMS or plugins, inject malicious JavaScript, and then trick visitors into “verifying” by opening Run/PowerShell and pasting a preloaded command that downloads malware, leading to info stealers and potentially ransomware.

ClickFix is effective because it leverages trusted brands, bypasses traditional phishing defenses, scales via high-traffic sites, and is increasingly polished through AI. The episode connects this to the shrinking “patch window,” emphasizing rapid patching, reducing internet exposure, monitoring website integrity, updating user training so that users avoid pasting commands, and layering defenses like EDR/MDR and DNS filtering.

As featured on Million Podcasts' 

Best 100 Cybersecurity Podcasts  

Top 50 Chief Information Security Officer CISO Podcasts 

Top 70 Security Hacking Podcasts

This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]