The article details two evolving social engineering techniques: ClickFix, which tricks users into pasting and executing attacker-supplied PowerShell commands via fake prompts, and ConsentFix, which abuses Microsoft 365 OAuth consent flows by manipulating users into dragging a localhost callback link into the browser to capture session tokens. A complete ConsentFix playbook with working code was publicly shared on a Russian cybercrime forum, enabling widespread adoption. Both techniques bypass traditional security controls by exploiting user muscle memory and legitimate platform infrastructure.