A malicious new type of attack has come from nowhere to become one of the most dangerous threats to your devices and your data in the last year. Millions of users have been targeted and many have fallen victim, even though it’s easy to stay safe.
We’re talking ClickFix — malicious popups disguised as captchas or technical faults and which trick users into running scripts on their computers to install malware. This is a PC threat, albeit Macs can be hit as well. Microsoft has issued its own advisory, warning users to beware the signs that always signal an attack.
But dangerous popups are not confined to PCs or ClickFix. And you’re at risk on your smartphone as well, which is why it’s recommended to block popups when browsing.
I’m often asked by readers what to do if a popup attack hits one of their devices. My advice is always to exit the app you’re using and to restart the device. That way you’ll clear out any running programs and will likely kill the attack.
Clearly, if you’ve installed software or completed any popup data fields, then you need to do more. Change any passwords you’ve entered and contact your bank if you’ve provided any payment details. And run a blue-chip antivirus check.
America’s NSA intel agency has published guidance for smartphone users on what to do if you see any “unexpected pop-ups” on a mobile. The agency correctly warns these are “usually malicious” and says you need to act immediately.
“If one appears, forcibly close all applications,” it says. Here are details on how to close apps on Android and iPhone devices. But you can go further than this to stay safe.
The NSA advisory was published several years ago, but most advice is the same. The agency says you should update your OS and apps and only install those apps from official stores; it says disable location services and do not click on links or attachments; it says you should use encrypted calls and texts and beware public WiFi.
It could have been issued this week — the advice wouldn’t change. In fact, when the U.S. cyber defense agency issued its recent phone dos and don’ts, it was much the same.
That NSA guide also famously warns users to switch their phones off and on again each week to help protect against phishing attacks and zero-day exploits. That’s questionable for most users. But we have seen recent warnings from Apple, Google, Samsung and Meta that attacks are underway. It’s a good idea to restart your smartphone now.
