A new social engineering campaign called ClickFix is targeting the hospitality sector in Europe. Attackers use fake Windows Blue Screen of Death (BSOD) screens to trick users into executing malware. The campaign first appeared in December and has been tracked by Securonix under the label "PHALT#BLYX." Phishing emails pretending to be from Booking.com create urgency by claiming a hotel guest is canceling a reservation and requesting a refund. When victims click the link, they are directed to a counterfeit Booking.com site that closely mimics the real one. Once on the fake site, users encounter a fabricated loading error that prompts them to refresh the page. This action brings up a full-screen fake BSOD, instructing them to execute a command that has been copied to their clipboard. Unaware of the scam, users paste the command, which runs a PowerShell script that opens a decoy Booking.com admin page while secretly downloading and compiling malware. The malware, identified as DCRAT, allows attackers remote access to the infected device, enabling them to steal data or deploy additional malicious payloads. The entire operation exploits the urgency and stress of hospitality staff, who may overlook signs of deception in an attempt to resolve customer issues. The ClickFix attack showcases how effective social engineering can be when attackers leverage well-known brands and create a sense of immediate need. Once the malware establishes a foothold, it can spread within the network, posing further risks to the organization.