There’s a great way to know what’s in it: paste to a text editor or something. Here are my red flags for this sort of attack, in order:
Asks me to do something outside of the web page, to make the web page work - kind of makes sense for email verification, but that’s about it
Asks me to copy paste something - kind of makes sense for CLI installers or configs for dev tools, but not much else
Uses the Run Command function - nothing good happens with that function, and IMO Microsoft should remove it; power users can open a terminal, it’s not that hard
Must users should notice at least one of those. If a web page is asking you to do something you don’t understand, don’t do it.
Yeah, that’s why ClickFix doesn’t work on most users, but still a few. The newer FileFix is nastier, because it looks more plausible in a situation of a download. Like, you know those fake download button ads? Imagine one of those and it leads to instructions to paste something into the native file dialog address bar instead of the run dialog. This will trick a lot more people.
There’s a great way to know what’s in it: paste to a text editor or something. Here are my red flags for this sort of attack, in order:
Must users should notice at least one of those. If a web page is asking you to do something you don’t understand, don’t do it.
Yeah, that’s why ClickFix doesn’t work on most users, but still a few. The newer FileFix is nastier, because it looks more plausible in a situation of a download. Like, you know those fake download button ads? Imagine one of those and it leads to instructions to paste something into the native file dialog address bar instead of the run dialog. This will trick a lot more people.