Stop using the phone immediately if this abnormality appears.
The US National Security Agency (NSA) has just issued an urgent warning, calling on iPhone and Android users to stop using their devices immediately if they see an unusual sign that could indicate the phone has been attacked or broken into.
You’re surfing the web on your phone when suddenly a pop-up appears, asking you to “verify your identity” before continuing. The window also gives detailed instructions on what to do, making you want to quickly follow them to get to the website. However, this could be a trap.

The situation above is a typical example of a form of cyber attack called ClickFix: a trick that fakes verification windows, error messages or software update requests to get users to click on malicious links. Although it appears in many different forms, the common thread is exploiting the victim's habit of "clicking quickly to finish", which leads them to unwittingly open the way for hackers to penetrate the device.
The NSA warns that ClickFix, which is popular on computers, has now spread to iPhones and Android phones. If your phone suddenly shows strange notifications or unusual verification requests, do not interact with them. There are important steps you can take right now to protect your device and personal data, as many of today's ClickFix attacks are so well disguised that they are difficult to spot.
What to do when you encounter a ClickFix pop-up?
If your phone pops up a window asking you to “verify your identity,” “update your app,” or “fix a bug,” don’t follow it. Don’t assume it’s safe just because it looks like a system notification. The best course of action is to close the entire app and return to the home screen, rather than trying to “exit” or “close” the pop-up, as that could trigger the malware.

In addition, maintain some basic safety habits: Do not share personal information via text messages or social networks, especially sensitive data such as passwords or banking information. Do not respond to strange messages or emails, and absolutely do not open attachments or click on links in suspicious content. Only grant location access to applications that are trusted and absolutely need it.
If you suspect a pop-up is coming from a legitimate organization, contact that company or service directly yourself to verify, instead of following the displayed instructions.
If you have interacted with a ClickFix window, take immediate action: change your password, contact your bank to alert them to the potential fraud, and run a full virus scan on your device using its built-in security tools. You can even use Google or other specialized tools to check if your email has been leaked on the dark web.
Typical examples of ClickFix crime
Microsoft, one of the world's leading technology corporations, always considers user security a top priority. In May 2025, the company discovered a large-scale ClickFix attack campaign targeting government, financial, educational and transportation organizations.
Hackers use emails containing fake ZIP files, luring recipients to open them and visit a fake government agency website, such as that of the tax office. There, the victim is asked to copy and paste a command, the final step that lets the hackers take control of the device. Microsoft recommends that users be absolutely vigilant with all emails from unknown sources, especially those with compressed file attachments.
Not stopping there, the notorious Lazarus hacker group has also taken advantage of ClickFix to set traps. They impersonated employers in the cryptocurrency industry, organized fake job interviews and sent malicious links or files containing malware to candidates. Many people looking for career opportunities became victims. This is a typical example of the sophistication and ruthlessness of cybercrime.
Another variant of ClickFix mimics popular verification prompts, like Google CAPTCHA or Cloudflare, that users often encounter. These windows are almost perfectly replicated, without any suspicious signs. After “verification”, the user is asked to perform a number of keyboard commands, inadvertently activating the malware behind it.
Cybersecurity experts warn that any unusual notification or pop-up on your phone could be a scam. Always be careful before clicking, because just one wrong tap could put your personal and financial data in the wrong hands.


