Press Relase / News Release Distribution Service [@Press]

Top > Press Release List > 「Security (for businesses)」Press Release
Note: This page is a machine translation of the Japanese original and is provided for reference only.
In the event of any discrepancy between this page and the original, the original shall prevail. Click here for the original text.

New template added to "Targeted Attack Email Response Training Implementation Kit! New template added to "Targeted Attack Email Response Training Kit"! simulating the new cyber-attack method "ClickFix

縁マーケティング研究所

En Marketing Institute (Kawaguchi-shi, Saitama, https://kit.happyexcelproject.com/) has added a new template to its self-developed "Targeted Attack Email Response Training Kit" to simulate a social engineering method called "ClickFix" for conducting targeted attack email training. The new template enables users to conduct targeted email training that simulates a social engineering method called "ClickFix".


Using this template, even non-technical personnel can easily conduct a targeted attack email drill simulating ClickFix, providing an opportunity for security education for employees on the dangers of ClickFix.


The ClickFix technique exploits the implementation of a predetermined operation to solve a certain problem, for example, following the instructed procedure to show that the access is not by a robot, and indicates that a certain operation is required to solve the problem by means of a fake error message or other means, The attacker induces the accessing user to perform the operation in accordance with the procedure specified by the attacker.


Behind the operations specified by the attacker are hidden processes such as copying and launching commands that lead to malware downloads, and by using social engineering techniques to force users to perform the operations themselves without being known to do so, conventional security checks are circumvented and the attack is executed. This is a risk that an attack can be executed by users themselves using social engineering techniques, bypassing the checks made by conventional security functions.


The newly added template induces the user to perform the following sequence of operations to show that the website is not accessed by a robot.


(1) Present the user with an addition quiz and have the user answer the questions.

テンプレートによるClickFixの再現1

Reproduction of ClickFix by template1


(2) Continue to have the user open a Windows "Run" window using a keyboard shortcut.


(3) Then, have the user paste the command added to the clipboard using the keyboard shortcut.


(4) Press the Enter key to execute the pasted command.

テンプレートによるClickFixの再現2

Reproduction of ClickFix by template 2

テンプレートによるClickFixの再現3

Reproduction of ClickFix by template3


When the user executes the command according to the instructions, a Web page indicating that this is a training exercise is displayed, and it is revealed that the operation the user performed was guided by the ClickFix technique prepared by the attacker.


ClickFixについて解説した種明かしページ

A revealing page explaining ClickFix


This sequence of events allows users to experience realistic training as if they had actually been guided and victimized by the ClickFix modus operandi.


The most important point of this new content is that non-technical personnel can easily conduct training that simulates the ClickFix modus operandi. This will serve as a reminder to employees to be even more vigilant by allowing them to actually experience the horror of executing a suspicious program themselves through the skillful guidance of an attacker.


The "Targeted Email Response Training Kit" offers a free 60-day trial including the new content to companies that need to educate their employees about ClickFix, By experiencing ClickFix-themed training, you can determine whether or not it can be used for your company's security education.


New content release date: June 2, 2025 (Monday)

Service URL: https://kit.happyexcelproject.com/kunrenkit/



Background of the New Template

Since October 2024, there have been cases of victims being tricked by ClickFix tactics, and various organizations, including Microsoft, have issued warnings against ClickFix.

Against this backdrop, we believe it is imperative that security educators in companies be able to easily conduct training that simulates ClickFix tactics as part of targeted attack e-mail training, and have developed a template that can be used in targeted attack e-mail response training implementation kits, We have decided to develop and provide this template as one of the templates that can be used in the Targeted Attack Email Response Training Implementation Kit.



About the En Marketing Institute

Since En Marketing Institute started to sell the "Training Kit for Responding to Targeted Email Attacks" in 2014, we have been developing the "Training Kit for Responding to Targeted Email Attacks" to help small and medium-sized companies with limited budgets and little money to spend on information security training to provide employee training to cope with targeted email attacks. We will continue to provide a variety of information on targeted e-mail training to help small and medium-sized enterprises (SMEs) with limited budgets and little money to spend on information security training.


We will continue to support companies that want to prepare for increasingly malicious and sophisticated targeted e-mail attacks by providing a variety of information and services.


Company name: En Marketing Institute

Representative: Yasunori Nonoichi, President

Location: URBAN FORUM Warabi, 4-8 Shibashinmachi, Kawaguchi, Saitama 333-0851, Japan

Establishment: June 2013

URL: https://kunrenkit.jp/

     https://kit.happyexcelproject.com/



For inquiries regarding this matter, please contact

En Marketing Laboratory

E-Mail : ask@kunrenkit.jp

Tel : 0120-351-271

Image

Logo Image

Category:
Services
Genres:
Security (for businesses) General Business Economy(Japan)