Home/Scam Guides/Latest Scams/ClickFix fake browser update overlays on compromised UK websites install infostealer malware
tech HIGH 12 Jun 2026

ClickFix fake browser update overlays on compromised UK websites install infostealer malware

Impersonating: Google Chrome / Microsoft Edge

What is this scam?

Google's June 2026 fraud advisory and NCSC guidance both flag the 'ClickFix' technique, where compromised websites display a full-screen overlay mimicking a genuine browser update prompt. Clicking 'Fix' or 'Update now' silently executes a malicious script that installs infostealer malware capable of harvesting saved passwords, online banking credentials, and session cookies — often without any visible sign of infection. The technique has been observed on compromised UK news and retail sites, making it particularly difficult for users to anticipate.

Example scam message

Full-screen browser overlay appearing on what looks like a normal website: 'Your browser is out of date. Chrome requires an important security update before you can view this content safely. [Update Chrome Now] This will only take a moment and you will be returned to the page automatically.' [Clicking the button runs a hidden PowerShell command that installs malware — no real update occurs and no new browser window opens]

Red flags to look out for

  • The message creates urgency — threatening a fine, missed delivery, or account closure.
  • Links lead to unofficial domains that don't match the real company's website.
  • You weren't expecting this message and can't verify the event it references.
  • It asks you to confirm payment details or personal information via a link.
  • The sender's number or email address doesn't match the company's official contact.

What to do if you receive this

  1. Do not call any numbers or click any links in the message.
  2. Log in to your account directly via the official website or app to check for any real alerts.
  3. Forward the message to 7726 or email report@phishing.gov.uk.
  4. Report it to Action Fraud at actionfraud.police.uk.
Received this message? Forward it to 7726 (free on all UK networks) to report it to your mobile provider. You can also report it to Action Fraud or email the NCSC at report@phishing.gov.uk.

Not sure if your message is a scam?

Check it instantly with our free AI-powered detector.

Check a message now

Related scams

tech Argos account takeover fraud surges 323% as criminals exploit stolen credentials Argos tech Copycat Which? website runs fake debit card comparison article to harvest personal details Which? tech Google Calendar invite phishing bypasses spam filters to steal credentials Google / Gmail
← Back to all latest scams

Source: NCSC