Skip to main content
FDIC-insured. Backed by the full faith and credit of the U.S. Government.


Person Typing on a Computer with Malicious Software Coding

Posted on Wednesday, August 14, 2024 in Privacy & Security

Scam of the Week: Pastejack Attack

In this week’s scam, cybercriminals are trying to trick you into running malicious code using PowerShell, a powerful tool for executing commands on your computer. This technique is known as “pastejacking”, which involves copying and pasting malicious code into your computer and then allowing it to run.

This scam begins when you receive what appears to be an urgent email that contains an attachment. If you try to open the attachment, an error will display that says, “Failed to connect to the ‘OneDrive’ cloud service, to fix the error you need to update the DNS cache manually.” The message also provides a few lines of code and instructions on how to copy and paste it into a Windows PowerShell Terminal. The message urges you to take action, which is exactly what scammers want. If you follow their instructions, you will run a malicious command on your machine. The code will install malware, giving the scammers access to your personal data.

Follow these tips to avoid falling victim to pastejacking: 

  • You will never receive a legitimate email that tells you to open an attachment using PowerShell. If you receive an email instructing you to use PowerShell, immediately report it to your IT team. 

  • Be cautious of any emails that prompt you to take urgent action. Creating a sense of urgency is a common technique that scammers use to trick you.

  • If you are unsure about the legitimacy of an email or attachment, contact your organization's IT or security team for further instructions. 

Stop, Look, and Think. Don't be fooled. 

Article provided by:

KnowBe4 Logo

KnowBe4.com 

  1. account security
  2. ai
  3. app
  4. christmas
  5. cyberattack
  6. cybercriminal
  7. cybersecurity
  8. data leak
  9. digital
  10. email fraud
  11. facebook
  12. false information
  13. holidays
  14. malware
  15. mobile app
  16. money
  17. news
  18. phishing
  19. phone
  20. qr code
  21. ransomware
  22. red flags
  23. scam
  24. security
  25. sensitivity
  26. shopping
  27. social media
  28. tax
  29. taxes
  30. text
  31. travel
Back to Top