The problem is that scammers have adapted. They have taken an old attack and reshaped it into something that blends into habits we barely think about, such as passing a CAPTCHA or completing a two-factor step.

This newer version of the ClickFix scam feels routine, which is exactly why it works. As a computer repair business, we are seeing it more often, so here is a clear explanation of how it works and how to avoid it. 

The older ClickFix method was easier to spot

The original version relied on fear. A website would loudly claim your computer had a fault. It would then mention corrupted files or pretend your system was failing, then guide you to open a powerful system tool using a keyboard shortcut that only IT professionals usually touch. Tools such as Command Prompt, PowerShell, and Terminal were never meant for everyday use, which is why the instructions stood out.

Once the tool was open, the page would display a block of characters for you to paste in. It never looked readable, just a jumble that appeared technical enough to trust. Pressing Enter quietly downloaded malware from a criminal server, and you never saw a pop-up or progress bar. The command was encoded so the real action was hidden from view.

READ MORE:  How Using the SLAM Method Can Improve Phishing Detection

Over time, people learned to ignore dramatic error messages. The scare tactics stopped working, so the scammers changed tactics.

The new version hides inside fake verification steps

Now, the scam appears inside something that feels legitimate. Instead of warning you about problems, the website pretends it needs to verify that you are a real person. It might look like a Cloudflare check, a Google-style CAPTCHA, or even a verification screen on a site that appears related to a hotel or booking service you actually use. Some victims even reach these pages through links sitting at the top of search results.

Everything looks normal until the page tells you to complete the verification by copying a code into Terminal, Command Prompt, or PowerShell.

Because we are used to extra login steps, the request feels like a mild inconvenience rather than a warning sign. That single line of encoded text is the attack. Once you paste and run it, the computer silently contacts a malicious server, downloads malware, and installs it without any visible sign.

Why this new approach works

People trust verification steps. CAPTCHA and two-factor checks appear on nearly every major site now, so they feel familiar, and scammers use that trust to their advantage.

Many people believe they are safe as long as they avoid suspicious downloads. This attack sidesteps that habit entirely, as you are not downloading a file yourself but running the command that fetches it for you.

Because the text is encoded, it looks harmless. Random characters do not raise suspicion. Your computer also treats the action as something you chose to do, which makes it harder for security tools to block.

What the malware does once installed

The malware that arrives through these commands usually aims to steal information. It can pull saved passwords from your browser, capture authentication cookies, or add remote access tools that allow someone else to connect later. Some versions turn your computer into part of a larger network used for other attacks.

READ MORE:  How to Spot Hidden Malware on Your Devices

Most victims notice nothing. Their computer behaves normally while sensitive information leaves in the background.

Where these fake pages appear

The links to these fake verification pages often come from places that seem trustworthy. Some arrive through hacked hotel or booking accounts containing real reservation data.

Others appear in ads at the top of search results or in routine-looking messages and emails. The scam spreads because the doorway into it feels familiar.

The simple rule that protects you

You do not need to memorize any technical details. Just remember this.

If a website tells you to open Terminal, Command Prompt, or PowerShell and paste in a code, close the page immediately.

No legitimate website will ever ask a normal user to do that as part of a CAPTCHA or verification step.

If you think you may have done this

Do not panic, but take action. Stop using the computer for banking or shopping until it has been checked. Change your passwords from another trusted device, then contact us so we can inspect the system properly and remove anything harmful.

The sooner we look at it, the easier it is to fix.

Hopedale Technologies can help keep you safe

We can scan your computer for hidden issues, adjust your settings for better protection, and provide simple guidance to help you avoid attacks like this. If something ever looks unusual, you can contact us before acting on it.

If you want your computer checked or need a general security cleanup, we are here to help. 

Let’s look at why this happens and how to protect your home computer from it. 

Why Adults Pause and Kids Don’t

Adults have been warned about fake alerts and too-good-to-be-true downloads for years. We’ve learned through experience, work training, or the occasional close call. Kids, however, just want their video or game to load. Reading a paragraph of small text isn’t their priority, and many pop-ups are designed to exploit that impatience. The “Continue” or “Allow” button is big and colorful, while the “No thanks” option is tiny, gray, or hidden behind a small arrow.

It’s not carelessness; it’s completely normal behavior from a child who just wants to make the interruption go away.

The “Make It Go Away” Click

When a child sees a pop-up, their goal is simple: close it as fast as possible. That’s how they end up clicking on things such as:

1. “Install” for a fake video player or browser extension.
2. “Allow” for notifications on a random site.
3. “Yes” when Windows asks for permission to run a file.
4. “OK” to download a “codec,” “update,” or “booster.”

Here’s what often happens next. One click installs junk such as scareware that claims your computer has hundreds of viruses and demands payment to “fix” them. Or it could be ransomware that locks your files and demands money to get them back. Sometimes nothing seems to happen at all, but behind the scenes, the software is quietly collecting data, stealing passwords, or tracking everything you do online.

READ MORE:  How to Spot Fake Download Buttons and Stay Safe

The good news is you don’t need to hover over their shoulder every time they use the computer. With a few smart changes, it’s easy to make these threats far less likely to get through.

How We Can Help

Our goal is to stop the problem before it starts, blocking dangerous pop-ups and preventing any software from being installed without an adult’s approval. Here’s how we set that up.

1) Block pop-ups and bad ads before they appear

The most straightforward fix is to block most pop-ups before they appear on the screen. We can adjust your computer settings to prevent most pop-ups and fine-tune it for family use, cutting off the pushy ad networks that deliver fake update prompts. We can also add safe-browsing filters to prevent access to known scam sites. With fewer interruptions, kids can browse and watch videos without being tricked into clicking on something harmful.

2) Add strong antivirus and anti-malware protection

We install reliable security software that quietly watches downloads in real time. If something suspicious tries to run, it’s stopped immediately. This keeps the computer clean in the background while your kids continue using it as normal.

3) Create a whitelist of allowed sites for the kids’ profile

For younger children, a whitelist (or “allow list”) is an excellent layer of protection. Their account can access only the sites you’ve approved, such as YouTube, Wikipedia, or their school portal, and everything else is blocked with a friendly message. It’s a simple way to let them explore safely without worrying about where they’ll end up.

4) Use a non-admin account for everyday use

We set up a standard user account for your kids that can’t install software without an admin password. Even if they click “Yes” on a pop-up, nothing will install. Your own admin account remains separate and password-protected, allowing you to install programs whenever needed.

5) Tidy browser profiles and notifications

We can simplify browsing by creating separate browser profiles for each child, preloaded with their favorite sites. We also clear out annoying push-notification permissions and block new ones by default. This keeps the computer calm, quiet, and predictable.

6) Add parental controls where they actually help

Parental controls aren’t just timers; they can also prevent unwanted app downloads, software installs, and in-browser purchases. We’ll tailor these settings to your comfort level so you’re in control without having to constantly check in.

7) Keep updates and backups on autopilot

We make sure Windows, browsers, and key apps update automatically, and we’ll set up a reliable backup system that runs quietly in the background. If anything ever goes wrong, it’s easy to roll back to a clean version.

READ MORE:  Why Your Windows Updates are More Important Than Ever

What This Looks Like for Your Family

With these protections in place, your kids can click and explore without breaking anything. You’ll notice that:

1. YouTube loads normally with no strange pop-ups.
2. Random sites are blocked automatically.
3. Any attempted installs ask for your password first.
4. The family computer feels faster, cleaner, and easier to manage.

It’s a small setup change that makes a big difference in everyday peace of mind.

Can You Do It Yourself?

Some of these steps are straightforward, but others can get complicated. Mixing school sites into an allow list or misconfiguring antivirus settings can easily cause frustration. If you’d rather skip the trial and error, we can handle it for you, setting everything up properly and cleaning up any mess that’s already there.

You don’t need to become a technician. We’ll take care of the setup, test everything, and walk you through how it all works in plain English.

Ready For a Safer Family Computer?

If your computer already shows strange pop-ups, or if you just want to prevent them before they start, we can help. Contact us to book a cleanup and child-safe setup. We’ll make your family’s computer safe, fast, and frustration-free so your kids can explore online while you relax, knowing everything is protected.

Smishing is high up on the list of words that do not sound as intimidating or threatening as they should. Smashing the word fishing together with the “SM” for short messaging service (aka text), smishing is a cyberscam.

Especially with online shopping skyrocketing during the pandemic, delivery smishing has gained traction. Don’t fall victim to this type of cyberattack.

What does smishing look like?

You’ll get a text message that appears to be from a shipping company. You’re told you have a package coming but that more information is needed to ensure delivery. You’ll squeal, “a package!” OK, maybe you won’t squeal, but you’ll feel the anticipation and click on the link to help deliver that package to your door.

You might already be expecting a package. After all, as recently as June 2021, PWC was describing a “dramatic shift” toward online shopping. According to its most recent consumer survey, in the last twelve months:

• 44% of those surveyed bought online using a mobile phone or smartphone;
• 42% used smart home voice assistants to shop online;
• 38% used a tablet for online shopping;
• 34% bought something online via PC.

So, you might not think twice about clicking on a link appearing to be from a major delivery service.

Don’t do it!

What happens next?

You click on the link and are asked for personal information, even a credit card number or password. Otherwise, clicking on the link will download malware onto your phone. The bad guys use their access to snoop and/or send your sensitive data to its servers without you knowing it.

The smishing scam is a global one:

• March 2021 saw a 645% jump in Royal Mail-related phishing attacks, equating to an average of 150 per week.
• UPS warns about this type of fraud on its website.
• FedEx has tweeted the reminder, “We do not send unsolicited texts or emails requesting money, packages, or personal information. Suspicious messages should be deleted without being opened and reported to abuse@fedex.com.”

Package delivery isn’t the only common smishing tactic either. You might also see:

• urgent messages saying your bank account is locked;
• a warning from your credit card company about a fraud alert;
• something promising that you’ve won a great prize;
• an unusual activity report from a company where you have an account.

All that would get your attention, right? So, what do you do about smishing? That’s covered next.

Protect against smishing

Avoid getting drawn in by the urgency or emotional appeal of the SMS. Don’t click the link, and don’t call the number in the message either. Instead, look through your bills or go online into your account for information on contacting that company.

Reputable mail carriers and financial institutions won’t send text messages asking for credentials, credit card numbers, ATM PINs, or banking information.

Look at the sender more closely. A message from a number with only a few digits was likely sent from an email address, which can flag that it’s a scam.

Also, don’t store personal banking or credit card information on your mobile phone. That way, the criminals can’t access it, even if they get you to download malware onto your phone.

You can help others not to fall victim to smishing as well. Report any attempts to your wireless carrier.

Here’s how people are making money with computer viruses:

Bank account theft: Virus creators are more than happy to help themselves to your bank details, sneaking in to grab your login details or credit card info. They can either transfer your funds away or use your credit card details to go on a shopping spree. Sometimes they’ll leave the fun to another person though, and simply sell your details to the highest bidder.

Ransomware: Rather than a financial snatch and grab, sometimes a virus will encrypt your files and demand money for the unlock code. Without a true backup plan in place beforehand, you’re at their mercy. You’ll be given very helpful information on how to pay, plus a firm deadline before your files are destroyed permanently.

Ad swappers: A cheeky technique, this is when they create a virus that either puts annoying ads on websites you visit or places affiliate codes on pages so that when you buy something legitimately – eg, from Amazon – they get a percentage as a ‘referral fee’. Their kickback doesn’t make your purchase cost more and you may not even know you’re supporting their activities.

Bitcoin mining: You might have heard of digital currencies being used for payment, but did you know you can also earn them with your computer processing power? Unfortunately, ‘renting’ out your computer’s processing power means paying more in running costs than you’d make – unless you were very clever and sneaky, and used a virus to rent out other people’s computers.

Botnets: Certain infected computers can be remotely controlled to do whatever the virus creator wants. In this case, they’ll usually set the infected bot computers to overwhelm a target web server, like an e-commerce store. Sometimes it’s done as revenge, but more often it’s blackmail. The ‘Botmaster’ says “pay me thousands of dollars or I’ll crash your site during the biggest shopping day of the year.”

Account stealing: Subscription accounts like Netflix and Hulu are often hijacked, leaving you to pay the bill for someone else’s entertainment. But sometimes, virus creators go one step further with online gaming accounts. All those digital items that you fought so hard for (special clothing, weapons, etc.) can carry real-world value and be stolen from your account and sold on a black market. Yes, that’s cheating!

A strong antivirus program is the first step in protecting your computer. Hopedale Technologies recommends VIPRE Managed Antivirus. Since we manage and monitor your account, VIPRE is always up to date. We receive alerts and make sure it is active.

Someone watching through a small laptop or personal computer camera may sound farfetched. And if you don’t make a hat out of tinfoil, aliens will take over your brain, right?

Except, it is true that webcams can be used for spying.

Seeing someone with a piece of tape over their webcam isn’t that unusual. Even Facebook’s founder does it. At conferences now, you might even receive a branded sliding webcam cover as swag.

How Webcam Spying Works

How can someone access your webcam in the first place? Typically, they’ve installed malware. The malicious software allows them to remotely control your computer and view its webcam.

A cybercriminal might access your webcam using spy software, a remote access trojan (RAT). The software spreads through freeware, spam emails, infected attachments, or fake website links.

The software allows the remote user to take control of your computer. They could view your online activity, read messages, or capture screens and keystrokes, and they’ll be able to turn your webcam on to spy on you – without you knowing it.

The webcam light located near the lens will indicate whether camera is currently recording. However, it’s easy to miss and many people don’t understand what the light means.

What to Do About Webcam Spying

Well, there’s that piece of tape, or you might use a Post-It note to cover the camera, but that doesn’t address the bigger issue. Since we’re talking about malware here, the usual rules apply.

• Don’t trust attachments, even from people you know.
• Hover over external links to see where they will take you before clicking.
• Question the credibility of any freeware you might download onto your computer.
• Install a good antivirus system, especially one that checks emails.
• Put a good firewall in place to prevent attackers from accessing your computer.
• Install patches for your operating system, browser, and software to keep security current.

While we’re talking about webcams, keep in mind your smartphone camera and any surveillance cameras need protection too. On your phone, keep your passcode private and make sure antivirus and security patching is up to date. With a surveillance system, always change the default password – you’d be amazed how many people don’t bother to do so – as that’s just making the hackers job easy for them!

Want to be sure you’re not being spied on? We can make sure you have a strong firewall in place to monitor network traffic and block suspicious activity. We can also ensure your antivirus and malware security is top notch.

Don’t find yourself on camera when you’re not ready for your closeup! Give us a call at 508-478-6010.

Advertising: Much like a free app making its fortune with in-app purchases, the free antivirus software will push for payment. Expect popup boxes pestering you to sign up to the paid version at least daily. Some free options will also try to change your browser home page and default search engine, an inconvenience you may be stuck with. Managed antivirus protection is more respectful and largely invisible unless it has detected a problem.

Effectiveness: It’s fair to expect your antivirus to detect malware, and testing showed that in a head-to-head battle free and paid are about equal at catching known infections. And therein lies the kicker: generally speaking, free antivirus needs to have recorded a virus to its library before it can detect it. Managed antivirus is more likely to identify and stop a new virus. It essentially bases the detection on suspicious behavior, source and attributes, a far more effective method of detection.

Features: Free antivirus options are usually created from the paid version, taking out everything except the bare minimum. In your managed paid version, you can expect advanced features like spam filters, firewalls, parental controls and secure web browsing. Managed paid antivirus will also monitor updates and scan reports to reduce the risk of infection, forming a more secure protection against attacks. For example, you might view a malicious image file that takes advantage of an exploit in your PDF software. Unfortunately, hackers have advanced beyond simple tactics and it’s not just about avoiding email attachments anymore.

Support:  Free antivirus options are the most popular choice because they’re… free. Obviously.  This also means there’s generally no support available. If there’s a problem or conflict with another program, you may find yourself without protection until it can be resolved. WE are your support with managed paid antivirus! Should any remediation be necessary, we can address and resolve the issues at a 25% discount.

Free antivirus is fine for very basic protection, those on a budget or those with an older PC. In these cases, something is always better than nothing. But we generally recommend you go with a paid managed antivirus to defend you from the new attacks that are released daily, and to ensure you’ve got solid protection that will make a real difference to your digital safety.

Talk to us at 508-478-6010 about upgrading to a managed antivirus system.