What if the website wasn't fake — but the message it showed you was? In this episode of SipCyber, Jen Lotze stops into City on a Hill Coffee in Leadville, CO, where the Colorado Rockies rise just outside the window and a hazelnut latte sets the scene for a conversation about one of the most effective cyberattack campaigns in recent memory.

Cybersecurity researchers uncovered a massive ClickFix malware operation targeting more than 700 education and technology websites — not fake sites, real and trusted ones. Visitors were greeted by a familiar-looking verification screen, asked to prove they were human, and then walked step-by-step into installing malware themselves. No software exploit required. Just trust — and a message that felt routine.

A side trip to Leadville's straightforwardly named "The Tattoo Shop" becomes an unexpected lens on how trust is built online, how attackers exploit it, and the one question that can protect you: Is this really what it claims to be?

Key Topics Covered:

• What the ClickFix malware campaign is and how it spread across 700+ legitimate websites
• Why real, trusted sites are more dangerous attack surfaces than fake ones
• How fake CAPTCHA screens trick users into running malicious commands themselves
• The psychology of borrowed trust — and why it's so effective
• One grounding question to ask before you follow any online instruction

☕ Featured Coffee Shop: City on a Hill Coffee, Leadville, CO 🍵 Jen's Order: Hazelnut latte

The most dangerous attacks don't feel dangerous. Subscribe for weekly cybersecurity insights from coffee shops across the country — and share this with anyone who's ever clicked "I'm not a robot."

#Cybersecurity #ClickFix #Malware #SocialEngineering #CyberAwareness #InfoSec #CyberSafety #SipCyber #Phishing #TrustAttacks #DigitalSafety #SecurityTips #CyberEducation