University Community

Beware of 'ClickFix' scams

The Ohio University Information Security Office is warning the campus community about a growing cyber threat known as a ClickFix scam.

Unlike traditional phishing attacks that ask for your username and password, ClickFix scams attempt to trick you into infecting your own computer. These attacks often appear as pop-ups, CAPTCHAs, fake error messages, document-sharing pages, streaming sites or browser alerts that claim there is a problem preventing you from accessing content.

The message may instruct you to:

  • Press Windows + R
  • Open Command Prompt (cmd.exe)
  • Open PowerShell
  • Copy and paste a command into your computer
  • Follow steps to “fix” an issue or “verify” your identity

If you follow these instructions, the command may download and install malicious software, steal passwords, compromise University data or give attackers access to your computer.

It is important to remember that legitimate Ohio University services, Microsoft services and reputable websites will not require you to run commands on your computer to access content or verify your identity.

What to watch out for

Be suspicious if a website or pop-up asks you to:

  • Open Windows Run (Windows + R)
  • Launch Command Prompt or PowerShell
  • Copy and paste a command provided by the website
  • Disable security protections
  • Download files from unfamiliar websites
  • Bypass browser security warnings

What NOT to do

  • Do not copy and paste commands into Windows Run, Command Prompt or PowerShell.
  • Do not follow technical instructions from unexpected websites or browser pop-ups.
  • Do not disable antivirus or security software because a website tells you to.
  • Do not enter your Ohio University credentials after running suspicious commands.
  • Do not approve unexpected multi-factor authentication (MFA) prompts.

What to do

  • Close the browser tab or window immediately if presented with a suspicious pop up or notification like the ones described above.
  • Navigate directly to trusted websites rather than following suspicious instructions.
  • Report suspicious websites, emails or pop-ups to the Information Security Office.
  • Contact the Information Security Office if you believe you may have interacted with a ClickFix scam.

If you have been a victim of a ClickFix scam

If you have already copied and pasted a command, downloaded a file or followed instructions from a suspicious website:

  1. Stop using the device.
  2. Disconnect from the network if possible.
  3. Contact the Ohio University IT Service Desk or Information Security Office immediately.
  4. Provide any screenshots or details about the incident.

Early reporting helps reduce the impact and allows the security team to investigate quickly.

In summary

If a website asks you to open Run, Command Prompt or PowerShell and paste a command, stop and think before acting. When in doubt, don't run it but do report it by contacting the Information Security Office.

Published
July 17, 2026
Author
Staff reports