{"id":160704,"date":"2026-01-13T15:06:50","date_gmt":"2026-01-13T20:06:50","guid":{"rendered":"https:\/\/www.bu.edu\/tech\/?page_id=160704"},"modified":"2026-01-14T10:07:05","modified_gmt":"2026-01-14T15:07:05","slug":"beyond-email-3-unconventional-phishing","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/tech\/support\/information-security\/security-for-everyone\/beyond-email-3-unconventional-phishing\/","title":{"rendered":"Beyond email: 3 Unconventional Phishing Tactics"},"content":{"rendered":"<div data-sfc-cp=\"\" jsaction=\"rcuQ6b:&amp;SxB1v_8|npT2md\" jscontroller=\"zcfIf\" jsuid=\"SxB1v_8\" data-hveid=\"CAEQAA\" data-processed=\"true\">\n<div class=\"Y3BBE\" data-sfc-cp=\"\" jsaction=\"rcuQ6b:&amp;zsmb5_8|npT2md\" jscontroller=\"zcfIf\" jsuid=\"zsmb5_8\" data-hveid=\"CAEQAA\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"zsmb5_9\" data-processed=\"true\">ClickFix scams<\/strong><span>\u00a0<\/span>are a type of social engineering attack that tricks users into unknowingly running malicious commands on their own computers by presenting fake system or browser errors. 
The victim is manipulated into performing a sequence of actions that bypass standard security measures and install malware.<\/div>\n<div class=\"Fsg96\" data-sfc-cp=\"\" jsaction=\"rcuQ6b:&amp;zsmb5_i|npT2md\" jscontroller=\"KHhJQ\" jsuid=\"zsmb5_i\" data-processed=\"true\"><\/div>\n<div class=\"otQkpb\" aria-level=\"3\" role=\"heading\" data-animation-nesting=\"\" data-sfc-cp=\"\" jscontroller=\"a7qCn\" jsuid=\"zsmb5_j\" data-processed=\"true\"><strong>How a ClickFix Scam Works<\/strong><\/div>\n<div class=\"otQkpb\" aria-level=\"3\" role=\"heading\" data-animation-nesting=\"\" data-sfc-cp=\"\" jscontroller=\"a7qCn\" jsuid=\"zsmb5_j\" data-processed=\"true\"><span jsuid=\"zsmb5_k\" class=\"txxDge notranslate\" jsaction=\"rcuQ6b:&amp;zsmb5_k|npT2md\" jscontroller=\"udAs2b\" data-wiz-uids=\"zsmb5_l,zsmb5_m\" data-processed=\"true\"><span class=\"vKEkVd\" data-animation-atomic=\"\" data-wiz-attrbind=\"class=zsmb5_k\/TKHnVd\" data-processed=\"true\"><\/span><\/span>The attack typically follows a clever multi-step process that exploits user trust and the desire to &#8220;fix&#8221; an apparent problem quickly.<\/div>\n<ul class=\"KsbFXc U6u95\" jscontroller=\"mPWODf\" jsuid=\"zsmb5_t\" data-processed=\"true\">\n<li jscontroller=\"vsuOFb\" jsuid=\"zsmb5_u\" data-hveid=\"CAQQAA\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"zsmb5_v\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"zsmb5_w\" data-processed=\"true\">The Lure:<\/strong><span>\u00a0<\/span>The victim encounters a pop-up message on a malicious or compromised website that mimics a legitimate alert, such as a &#8220;Verify you&#8217;re human&#8221; CAPTCHA, a browser update notification, or an error message (e.g., &#8220;Aw, Snap!&#8221; or &#8220;Word Online extension missing&#8221;).<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"zsmb5_x\" data-hveid=\"CAQQAQ\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" 
jscontroller=\"fly6D\" jsuid=\"zsmb5_y\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"zsmb5_z\" data-processed=\"true\">The Deception:<\/strong><span>\u00a0<\/span>The prompt provides instructions on how to solve the problem, often involving a &#8220;Fix It&#8221; or &#8220;Copy Fix&#8221; button. Clicking this button uses a malicious script to silently copy an obfuscated, harmful command to the user&#8217;s clipboard.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"zsmb5_10\" data-hveid=\"CAQQAg\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"zsmb5_11\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"zsmb5_12\" data-processed=\"true\">The Execution:<\/strong><span>\u00a0<\/span>The user is then instructed to open a legitimate system utility, typically the Windows<span>\u00a0<\/span><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"zsmb5_13\" data-processed=\"true\">Run<\/strong><span>\u00a0<\/span>dialog box (by pressing<span>\u00a0<\/span><code dir=\"ltr\" class=\"o8j0Mc\" jscontroller=\"PR9Qj\" jsuid=\"zsmb5_14\" data-processed=\"true\">Windows + R<\/code>), paste the clipboard&#8217;s content (using<span>\u00a0<\/span><code dir=\"ltr\" class=\"o8j0Mc\" jscontroller=\"PR9Qj\" jsuid=\"zsmb5_15\" data-processed=\"true\">Ctrl + V<\/code>), and press<span>\u00a0<\/span><code dir=\"ltr\" class=\"o8j0Mc\" jscontroller=\"PR9Qj\" jsuid=\"zsmb5_16\" data-processed=\"true\">Enter<\/code>.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"zsmb5_17\" data-hveid=\"CAQQAw\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"zsmb5_18\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"zsmb5_19\" data-processed=\"true\">The Payload:<\/strong><span>\u00a0<\/span>By executing the command, the user inadvertently launches a script that downloads and installs malware, such as 
information stealers (e.g., Lumma Stealer), remote access trojans (RATs), or other harmful payloads.<\/span><\/li>\n<\/ul>\n<div class=\"Y3BBE\" data-sfc-cp=\"\" jsaction=\"rcuQ6b:&amp;zsmb5_1j|npT2md\" jscontroller=\"zcfIf\" jsuid=\"zsmb5_1j\" data-hveid=\"CAUQAA\" data-processed=\"true\">Because the user initiates the command themselves using a legitimate system tool, the action often bypasses traditional antivirus and browser security warnings.<\/div>\n<div class=\"Fsg96\" data-sfc-cp=\"\" jsaction=\"rcuQ6b:&amp;zsmb5_1p|npT2md\" jscontroller=\"KHhJQ\" jsuid=\"zsmb5_1p\" data-processed=\"true\"><\/div>\n<div class=\"otQkpb\" aria-level=\"3\" role=\"heading\" data-animation-nesting=\"\" data-sfc-cp=\"\" jscontroller=\"a7qCn\" jsuid=\"zsmb5_1q\" data-processed=\"true\"><strong>How to Protect Yourself<\/strong><\/div>\n<div class=\"otQkpb\" aria-level=\"3\" role=\"heading\" data-animation-nesting=\"\" data-sfc-cp=\"\" jscontroller=\"a7qCn\" jsuid=\"zsmb5_1q\" data-processed=\"true\"><span jsuid=\"zsmb5_1r\" class=\"txxDge notranslate\" jsaction=\"rcuQ6b:&amp;zsmb5_1r|npT2md\" jscontroller=\"udAs2b\" data-wiz-uids=\"zsmb5_1s,zsmb5_1t\" data-processed=\"true\"><span class=\"vKEkVd\" data-animation-atomic=\"\" data-wiz-attrbind=\"class=zsmb5_1r\/TKHnVd\" data-processed=\"true\"><\/span><\/span>User awareness is the most effective defense against ClickFix scams.<\/div>\n<ul class=\"KsbFXc U6u95\" jscontroller=\"mPWODf\" jsuid=\"zsmb5_5v\" data-processed=\"true\">\n<li jscontroller=\"vsuOFb\" jsuid=\"zsmb5_5w\" data-hveid=\"CAoQAA\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"zsmb5_5x\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"zsmb5_5y\" data-processed=\"true\">Never copy and paste commands from unfamiliar or suspicious sources.<\/strong><span>\u00a0<\/span>No legitimate website or service will ask you to open a system terminal (like Run, PowerShell, or Mac Terminal) and paste 
code to verify your identity or fix an issue.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"zsmb5_5z\" data-hveid=\"CAoQAQ\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"zsmb5_60\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"zsmb5_61\" data-processed=\"true\">Close suspicious pop-up windows immediately.<\/strong><span>\u00a0<\/span>If a website displays an unexpected error message or security prompt, do not interact with it. Use the Task Manager (Ctrl + Shift + Esc) to close the browser if necessary.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"zsmb5_62\" data-hveid=\"CAoQAg\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"zsmb5_63\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"zsmb5_64\" data-processed=\"true\">Keep your systems and applications updated.<\/strong><span>\u00a0<\/span>Use reputable antivirus\/endpoint protection software that employs behavioral analysis to detect unusual activity, such as suspicious command execution, even if a known malware signature isn&#8217;t present.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"zsmb5_65\" data-hveid=\"CAoQAw\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"zsmb5_66\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"zsmb5_67\" data-processed=\"true\">Be cautious with all online interactions.<\/strong><span>\u00a0<\/span>Be wary of urgent language, unexpected security checks, or requests for unusual actions, regardless of how legitimate the page looks.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"zsmb5_68\" data-hveid=\"CAoQBA\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"zsmb5_69\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"zsmb5_6a\" 
data-processed=\"true\">Verify the source of information.<\/strong><span>\u00a0<\/span>If you receive an unexpected notification (e.g., from a bank, social media, or IT support), do not use the links or instructions provided. Instead, navigate directly to the official website or contact the organization through a trusted, known method.<\/span><span jsuid=\"zsmb5_6b\" class=\"uJ19be notranslate\" jsaction=\"rcuQ6b:&amp;zsmb5_6b|npT2md\" jscontroller=\"udAs2b\" data-wiz-uids=\"zsmb5_6c,zsmb5_6d\" data-processed=\"true\"><span class=\"vKEkVd\" data-animation-atomic=\"\" data-wiz-attrbind=\"class=zsmb5_6b\/TKHnVd\" data-processed=\"true\">\u00a0<\/span><\/span><\/li>\n<\/ul>\n<\/div>\n<div class=\"Y3BBE\" data-sfc-cp=\"\" jsaction=\"rcuQ6b:&amp;SxB1v_8|npT2md\" jscontroller=\"zcfIf\" jsuid=\"SxB1v_8\" data-hveid=\"CAEQAA\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"SxB1v_9\" data-processed=\"true\">Collaboration tool impersonation scammers<\/strong><span>\u00a0<\/span>are cybercriminals who exploit business communication platforms (such as Microsoft Teams, Slack, or Zoom) to pose as trusted colleagues, executives, or vendors. Their goal is to deceive employees into performing actions that result in financial loss or the exposure of sensitive information.<\/div>\n<div class=\"Fsg96\" data-sfc-cp=\"\" jsaction=\"rcuQ6b:&amp;SxB1v_i|npT2md\" jscontroller=\"KHhJQ\" jsuid=\"SxB1v_i\" data-processed=\"true\"><\/div>\n<div class=\"otQkpb\" aria-level=\"3\" role=\"heading\" data-animation-nesting=\"\" data-sfc-cp=\"\" jscontroller=\"a7qCn\" jsuid=\"SxB1v_j\" data-processed=\"true\"><strong>How the Scams Work<\/strong><\/div>\n<div class=\"otQkpb\" aria-level=\"3\" role=\"heading\" data-animation-nesting=\"\" data-sfc-cp=\"\" jscontroller=\"a7qCn\" jsuid=\"SxB1v_j\" data-processed=\"true\">Scammers leverage the trust and fast-paced nature of collaborative work environments to bypass normal security protocols. 
The attack typically involves several phases:<\/div>\n<ol class=\"IaGLZe VimKh\" jscontroller=\"xE4zce\" jsuid=\"SxB1v_1f\" data-processed=\"true\">\n<li jscontroller=\"vsuOFb\" jsuid=\"SxB1v_1g\" data-hveid=\"CAUQAA\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"SxB1v_1h\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"SxB1v_1i\" data-processed=\"true\">Research<\/strong>: Attackers gather information on potential targets (e.g., finance officers, HR staff) and senior executives using public sources like LinkedIn and company websites.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"SxB1v_1j\" data-hveid=\"CAUQAQ\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"SxB1v_1k\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"SxB1v_1l\" data-processed=\"true\">Impersonation<\/strong>: They create fake accounts, spoof email domains, or compromise existing accounts to make their communications appear legitimate. Advanced scammers use AI to clone voices or create deepfake videos of executives to enhance credibility.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"SxB1v_1m\" data-hveid=\"CAUQAg\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"SxB1v_1n\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"SxB1v_1o\" data-processed=\"true\">The Ask<\/strong>: The scammer contacts the target via a chat message or email, often creating a sense of<span>\u00a0<\/span><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"SxB1v_1p\" data-processed=\"true\">urgency<\/strong><span>\u00a0<\/span>(&#8220;I&#8217;m in a meeting and need this done now&#8221;) or authority. 
Common requests include:<\/span>\n<ul class=\"KsbFXc U6u95\" jscontroller=\"mPWODf\" jsuid=\"SxB1v_1q\" data-processed=\"true\">\n<li jscontroller=\"vsuOFb\" jsuid=\"SxB1v_1r\" data-hveid=\"CAUQAw\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"SxB1v_1s\" data-processed=\"true\">Initiating a wire transfer to a fraudulent account (known as Business Email Compromise or CEO Fraud).<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"SxB1v_1t\" data-hveid=\"CAUQBA\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"SxB1v_1u\" data-processed=\"true\">Sharing sensitive data like W-2 forms or login credentials.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"SxB1v_1v\" data-hveid=\"CAUQBQ\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"SxB1v_1w\" data-processed=\"true\">Clicking on a malicious link that installs malware or leads to a phishing site.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<div class=\"otQkpb\" aria-level=\"3\" role=\"heading\" data-animation-nesting=\"\" data-sfc-cp=\"\" jscontroller=\"a7qCn\" jsuid=\"SxB1v_2a\" data-processed=\"true\"><strong>Red Flags and Protection<\/strong><\/div>\n<div class=\"otQkpb\" aria-level=\"3\" role=\"heading\" data-animation-nesting=\"\" data-sfc-cp=\"\" jscontroller=\"a7qCn\" jsuid=\"SxB1v_2a\" data-processed=\"true\">Identifying these scams can be difficult, as they often lack traditional red flags like spelling errors and are designed to blend into everyday communications.<\/div>\n<ul class=\"KsbFXc U6u95\" jscontroller=\"mPWODf\" jsuid=\"SxB1v_2j\" data-processed=\"true\">\n<li jscontroller=\"vsuOFb\" jsuid=\"SxB1v_2k\" data-hveid=\"CAgQAA\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"SxB1v_2l\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"SxB1v_2m\" data-processed=\"true\">Verify 
Requests<\/strong>: Always verify urgent or unusual requests through a secondary, trusted communication channel (e.g., call the person&#8217;s known phone number or use a different platform).<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"SxB1v_2n\" data-hveid=\"CAgQAQ\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"SxB1v_2o\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"SxB1v_2p\" data-processed=\"true\">Be Skeptical of Urgency<\/strong>: Scammers use pressure to prevent critical thinking. Legitimate organizations and executives rarely demand immediate action without proper channels.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"SxB1v_2q\" data-hveid=\"CAgQAg\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"SxB1v_2r\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"SxB1v_2s\" data-processed=\"true\">Check the Sender&#8217;s Details<\/strong>: Look closely at the email address or username for subtle variations, typosquatting, or look-alike domains (e.g.,<span>\u00a0<\/span><code dir=\"ltr\" class=\"o8j0Mc\" jscontroller=\"PR9Qj\" jsuid=\"SxB1v_2t\" data-processed=\"true\">company.io<\/code><span>\u00a0<\/span>instead of<span>\u00a0<\/span><code dir=\"ltr\" class=\"o8j0Mc\" jscontroller=\"PR9Qj\" jsuid=\"SxB1v_2u\" data-processed=\"true\">company.com<\/code>).<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"SxB1v_2v\" data-hveid=\"CAgQAw\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"SxB1v_2w\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"SxB1v_2x\" data-processed=\"true\">Report Suspicious Activity<\/strong>: Promptly report any suspicious communication to abuse@bu.edu.<\/span><\/li>\n<\/ul>\n<div class=\"Y3BBE\" data-sfc-cp=\"\" jsaction=\"rcuQ6b:&amp;O8uZcf_8|npT2md\" jscontroller=\"zcfIf\" 
jsuid=\"O8uZcf_8\" data-hveid=\"CAEQAA\" data-processed=\"true\"><strong>Quishing (QR code phishing)<\/strong> is a cyberattack that uses malicious QR codes, often placed in emails, texts, or physical locations, to trick victims into scanning them. The scan leads to fake login pages that steal credentials, fraudulent apps that install malware, or theft of sensitive data for identity fraud. Because the victim scans the code on a mobile device, the attack bypasses standard email filters. Attackers embed malicious links in QR codes that look legitimate (for example, discounts or HR notices) but redirect users to spoofed sites that harvest personal information and passwords or install malware.<\/div>\n<div class=\"Fsg96\" data-sfc-cp=\"\" jsaction=\"rcuQ6b:&amp;O8uZcf_j|npT2md\" jscontroller=\"KHhJQ\" jsuid=\"O8uZcf_j\" data-processed=\"true\"><\/div>\n<div class=\"otQkpb\" aria-level=\"3\" role=\"heading\" data-animation-nesting=\"\" data-sfc-cp=\"\" jscontroller=\"a7qCn\" jsuid=\"O8uZcf_k\" data-processed=\"true\"><strong>How it works<\/strong><\/div>\n<ul>\n<li class=\"otQkpb\" aria-level=\"3\" role=\"heading\" jscontroller=\"a7qCn\" jsuid=\"O8uZcf_k\" data-processed=\"true\"><span jsuid=\"O8uZcf_l\" class=\"txxDge notranslate\" jsaction=\"rcuQ6b:&amp;O8uZcf_l|npT2md\" jscontroller=\"udAs2b\" data-wiz-uids=\"O8uZcf_m,O8uZcf_n\" data-processed=\"true\"><span class=\"vKEkVd\" data-animation-atomic=\"\" data-wiz-attrbind=\"class=O8uZcf_l\/TKHnVd\" data-processed=\"true\"><\/span><\/span><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"O8uZcf_q\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"O8uZcf_r\" data-processed=\"true\">Delivery<\/strong>: <\/span>Scammers place QR codes in emails (as images), texts, or even on physical posters\/menus, impersonating trusted entities like banks, government, or delivery services.<\/li>\n<\/ul>\n<ul class=\"KsbFXc U6u95\" jscontroller=\"mPWODf\" jsuid=\"O8uZcf_o\" data-processed=\"true\">\n<li jscontroller=\"vsuOFb\" jsuid=\"O8uZcf_t\" data-hveid=\"CAMQAg\" 
data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"O8uZcf_u\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"O8uZcf_v\" data-processed=\"true\">The Lure<\/strong>: The code promises a reward (discount, urgent notice) or appears in a trusted context (like an office breakroom).<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"O8uZcf_x\" data-hveid=\"CAMQBA\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"O8uZcf_y\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"O8uZcf_z\" data-processed=\"true\">The Scan<\/strong>: You scan the code with your phone, which hides the malicious URL from email security.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"O8uZcf_11\" data-hveid=\"CAMQBg\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"O8uZcf_12\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"O8uZcf_13\" data-processed=\"true\">The Trap<\/strong>: You land on a fake website or download malware, giving up credentials or financial details or infecting your device.<\/span><\/li>\n<\/ul>\n<div class=\"Fsg96\" data-sfc-cp=\"\" jsaction=\"rcuQ6b:&amp;O8uZcf_1d|npT2md\" jscontroller=\"KHhJQ\" jsuid=\"O8uZcf_1d\" data-processed=\"true\"><\/div>\n<div class=\"otQkpb\" aria-level=\"3\" role=\"heading\" data-animation-nesting=\"\" data-sfc-cp=\"\" jscontroller=\"a7qCn\" jsuid=\"O8uZcf_1e\" data-processed=\"true\"><strong>Why it&#8217;s effective<\/strong><\/div>\n<ul>\n<li class=\"otQkpb\" aria-level=\"3\" role=\"heading\" jscontroller=\"a7qCn\" jsuid=\"O8uZcf_1e\" data-processed=\"true\"><span jsuid=\"O8uZcf_1f\" class=\"txxDge notranslate\" jsaction=\"rcuQ6b:&amp;O8uZcf_1f|npT2md\" jscontroller=\"udAs2b\" data-wiz-uids=\"O8uZcf_1g,O8uZcf_1h\" data-processed=\"true\"><span class=\"vKEkVd\" data-animation-atomic=\"\" 
data-wiz-attrbind=\"class=O8uZcf_1f\/TKHnVd\" data-processed=\"true\"><\/span><\/span><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"O8uZcf_1k\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"O8uZcf_1l\" data-processed=\"true\">Bypasses filters<\/strong>: Email security can&#8217;t inspect the URL inside a QR image.<\/span><\/li>\n<\/ul>\n<ul class=\"KsbFXc U6u95\" jscontroller=\"mPWODf\" jsuid=\"O8uZcf_1i\" data-processed=\"true\">\n<li jscontroller=\"vsuOFb\" jsuid=\"O8uZcf_1m\" data-hveid=\"CAUQAQ\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"O8uZcf_1n\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"O8uZcf_1o\" data-processed=\"true\">Mobile convenience<\/strong>: Users are accustomed to scanning codes on mobile, often without scrutinizing the URL.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"O8uZcf_1p\" data-hveid=\"CAUQAg\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"O8uZcf_1q\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"O8uZcf_1r\" data-processed=\"true\">Physical context<\/strong>: Codes on posters or menus feel more tangible and trusted.<\/span><\/li>\n<\/ul>\n<div class=\"Fsg96\" data-sfc-cp=\"\" jsaction=\"rcuQ6b:&amp;O8uZcf_1y|npT2md\" jscontroller=\"KHhJQ\" jsuid=\"O8uZcf_1y\" data-processed=\"true\"><\/div>\n<div class=\"otQkpb\" aria-level=\"3\" role=\"heading\" data-animation-nesting=\"\" data-sfc-cp=\"\" jscontroller=\"a7qCn\" jsuid=\"O8uZcf_3t\" data-processed=\"true\"><strong>How to protect yourself<\/strong><\/div>\n<ul>\n<li class=\"otQkpb\" aria-level=\"3\" role=\"heading\" jscontroller=\"a7qCn\" jsuid=\"O8uZcf_3t\" data-processed=\"true\"><span jsuid=\"O8uZcf_3u\" class=\"txxDge notranslate\" jsaction=\"rcuQ6b:&amp;O8uZcf_3u|npT2md\" jscontroller=\"udAs2b\" data-wiz-uids=\"O8uZcf_3v,O8uZcf_3w\" 
data-processed=\"true\"><span class=\"vKEkVd\" data-animation-atomic=\"\" data-wiz-attrbind=\"class=O8uZcf_3u\/TKHnVd\" data-processed=\"true\"><\/span><\/span><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"O8uZcf_3z\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"O8uZcf_40\" data-processed=\"true\">Pause before scanning<\/strong>: Don&#8217;t scan unexpected QR codes in emails or physical spots.<\/span><\/li>\n<\/ul>\n<ul class=\"KsbFXc U6u95\" jscontroller=\"mPWODf\" jsuid=\"O8uZcf_3x\" data-processed=\"true\">\n<li jscontroller=\"vsuOFb\" jsuid=\"O8uZcf_41\" data-hveid=\"CAgQAQ\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"O8uZcf_42\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"O8uZcf_43\" data-processed=\"true\">Inspect the source<\/strong>: Check the sender and message for red flags like poor grammar.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"O8uZcf_44\" data-hveid=\"CAgQAg\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"O8uZcf_45\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"O8uZcf_46\" data-processed=\"true\">Verify independently<\/strong>: Be extra skeptical if an email from HR has a QR code. Go to BU.EDU\/HR directly instead of using the code.<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"O8uZcf_47\" data-hveid=\"CAgQAw\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"O8uZcf_48\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"O8uZcf_49\" data-processed=\"true\">Use MFA<\/strong>: At BU we use DUO Multi-factor authentication, which adds a layer of defense even if credentials are stolen. 
Make sure to use it whenever you can for your personal accounts!\u00a0<\/span><\/li>\n<li jscontroller=\"vsuOFb\" jsuid=\"O8uZcf_4a\" data-hveid=\"CAgQBA\" data-processed=\"true\"><span class=\"T286Pc\" data-sfc-cp=\"\" jscontroller=\"fly6D\" jsuid=\"O8uZcf_4b\" data-processed=\"true\"><strong class=\"Yjhzub\" jscontroller=\"zYmgkd\" jsuid=\"O8uZcf_4c\" data-processed=\"true\">Be wary of discounts<\/strong>: Be suspicious of offers in unexpected QR codes.<\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>ClickFix scams\u00a0are a type of social engineering attack that tricks users into unknowingly running malicious commands on their own computers by presenting fake system or browser errors. The victim is manipulated into performing a sequence of actions that bypass standard security measures and install malware. How a ClickFix Scam Works The attack typically follows a&#8230;<\/p>\n","protected":false},"author":4352,"featured_media":0,"parent":101545,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/160704"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/4352"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=160704"}],"version-history":[{"count":5,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/160704\/revisions"}],"predecessor-version":[{"id":160721,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/160704\/revisions\/160721"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/101545"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=160704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{re
l}","templated":true}]}}