Skip to content

SCAM OF THE WEEK: Pastejack Attack

In this week’s scam, cybercriminals are trying to trick you into running malicious code using PowerShell, a powerful tool for executing commands on your computer.


Profile of concentrated young software developer eating pizza and coding at home-1

This technique is known as “pastejacking”, which involves copying and pasting malicious code into your computer and then allowing it to run.

This scam begins when you receive what appears to be an urgent email that contains an attachment. If you try to open the attachment, an error will display that says, “Failed to connect to the ‘OneDrive’ cloud service, to fix the error you need to update the DNS cache manually.” The message also provides a few lines of code and instructions on how to copy and paste it into a Windows PowerShell Terminal. The message urges you to take action, which is exactly what scammers want. If you follow their instructions, you will run a malicious command on your machine. The code will install malware, giving the scammers access to your personal data.

Follow these tips to avoid falling victim to pastejacking:

  • You will never receive a legitimate email that tells you to open an attachment using PowerShell. If you receive an email instructing you to use PowerShell, immediately report it to your IT team.
  • Be cautious of any emails that prompt you to take urgent action. Creating a sense of urgency is a common technique that scammers use to trick you.
  • If you are unsure about the legitimacy of an email or attachment, contact your organization’s IT or security team for further instructions.


Content provided by KnowBe4