ClickFix social engineering attacks have surged by 517% in the past six months, becoming the second most common vector behind only phishing, according to new ESET data.

The report, published on June 26, found that this technique accounted for nearly 8% of all blocked attacks in H1 2025.

ClickFix is a social engineering technique that uses a fake error or verification message to manipulate victims into copying and pasting a malicious script and then running it.

The tactic preys on users’ desire to fix problems themselves rather than alerting their IT team or anyone else. It is therefore effective at bypassing security protections, because the victim infects themselves.

The technique was first observed by Proofpoint in March 2024, before exploding in popularity by the end of the year.