New ClickFix Scam, Dental Practice Banned, UK MPs Targeted

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses.

The support tickets we get after a spoofing incident all start the same way: ‘we didn’t know someone was sending email from our domain,’ says Vasile Diaconu, Operations Lead at DuoCircle. DMARC reporting would have caught it weeks earlier. The cost of monitoring is nothing compared to the cost of a successful impersonation attack.

					DMARC Report					

				

New ClickFix Scam, Dental Practice Banned, UK MPs Targeted

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-35586">
						<source src="https://media.mailhop.org/dmarcreport/images/2025/12/New-ClickFix-Scam-Dental-Practice-Banned-UK-MPs-Targeted.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M32S">2:32</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-35586" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-35586" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-35586" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-35586" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/new-clickfix-scam-dental-practice-banned-uk-mps-targeted/&t=New ClickFix Scam, Dental Practice Banned, UK MPs Targeted" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/new-clickfix-scam-dental-practice-banned-uk-mps-targeted/&url=New ClickFix Scam, Dental Practice Banned, UK MPs Targeted" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2025/12/New-ClickFix-Scam-Dental-Practice-Banned-UK-MPs-Targeted.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/new-clickfix-scam-dental-practice-banned-uk-mps-targeted/" class="input-link input-link-35586" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-35586" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-35586” readonly/>

					<button class="copy-embed copy-embed-35586" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

Cybercriminals are getting smarter, quieter, and far more convincing. From a new browser-based ClickFix variant that slips past traditional security tools, to healthcare organizations facing legal action after phishing breaches, and even UK MPs being targeted through trusted messaging apps, recent incidents show how fast attack methods are evolving. These threats no longer rely on obvious malware or shady links. Instead, they exploit user trust, familiar platforms, and small human actions that feel harmless in the moment.

Here is a **quick breakdown of the latest cybersecurity incidents making headlines and why they matter for organizations, public officials, and everyday users alike.

Beware of this new ClickFix scam! A new type of ClickFix scam is doing the rounds. Known as ConsentFix, this cyberattack tries to bypass security mechanisms. For conventional security tools, it is almost impossible to detect this type of consent phishing attempt.

Generally, in a ClickFix attack, a counterfeit CAPTCHA or a fake error is used to persuade the victim to copy and paste, or execute, harmful commands on their phones or desktops. But in the case of the ConsentFix attack, the entire attack takes place inside the browser. This, unfortunately, eliminates one of the major threat detection checkpoints.

When a victim comes across a legitimate but otherwise compromised website during a Google search , it allows the threat actors to bypass traditional anti-phishing tools. A fake Cloudflare CAPTCHA verification page pops up, asking the victim to share their business email address to prove they are human.

Next, a Microsoft login page appears on the screen, with a legitimate URL. The victim will now have to copy the URL and paste it into the given field again to prove they are human. Now, the threat actor can access to the victim’s Microsoft account via this URL.

**Cyber experts believe the success rate of this ConsentFix phishing attack is quite low so far because the likelihood of an employee copying and pasting a long URL is very rare. Cyber experts urge organizations to strengthen email security by properly implementing DMARC, DKIM, and SPF to combat phishing and spoofing attacks.

**Dental practice prohibited because of cyber breach involvement It dates back to October 2024, when Fresh Dental, a dental clinic, was targeted by phishing actors. Cybercrooks had managed to get access to the **Microsoft 365 email accounts of some of the Fresh Dental employees. These compromised Microsoft 365 accounts are then misused to send malicious emails to other targets.

When the investigation was carried out, experts found multiple technical and security failures on Fresh Dental’s part. The dental clinic could not carry out its own investigation procedures because of a lack of appropriate technical facilities. Fresh Dental also failed to conduct timely cybersecurity training. Secondly, the dental clinic failed badly at penetration testing before the data breach. Neither was there any **professional agreement between Fresh Dental and its IT service provider regarding the handling of personal data.

All these clearly contradict the legalities, and as a result, the Law has issued an **enforcement order which requires Fresh Dental to deploy organizational and technical measures to minimize the risk of phishing attacks, sign a legal agreement with the IT provider, and take a penetration test to prove the security efficacy of their systems.

UK MPs are being targeted by message-based phishing attacks! UK MPs are being targeted by message app-based phishing attacks left, right, and center. It is believed that the threat actors are allegedly from Russia. They are using the Signal and WhatsApp accounts of these MPs to target them. The cybercrooks send messages while posing as support team executives **of the messaging apps. Next, they ask the victims to either click on a malicious link, enter a code, or scan a QR code.

If the victim follows all instructions, the threat actor gains access to the victim’s contact list, all parliamentary messages, and the victim’s daily activity on the device. The worst part is that the cybercrook will not even get detected!

The UK parliamentary authority has advised the MPs and other officials to amp up their cybersecurity preparations.

The National Cyber Security Center (NCSC) has advised MPs and officials not to use commercial messaging apps for parliament-related work. Also, for informal communications, **Microsoft Teams is considered to be a safe option. MPs have also been advised to enable two-factor authentication on all their messaging accounts, unlink any unrecognized or suspicious devices, and remove them then and there.