February 5, 2025

Paste Jacking – Looking out for new phishing schemes

Written by: 

Logan Weber
Cloud Services Administrator
NET Xperts LLC

Phishing is an ever-changing cat-and-mouse game of malicious actors trying to trick people into revealing sensitive information or installing malicious software. A type of phishing that I’ve seen a bit of buzz about lately is something called Paste Jacking. In this, a website or an email asks the user to copy and paste malicious commands to their computer.

In its simplest form it may ask you to do three quick steps:

  1. Press Windows Button + R
  2. Press CTRL + V
  3. Press Enter

Doing these steps with a dangerous command copied to your clipboard can potentially install viruses and malware on the computer.

In some ways, this trick is straightforward: Just ask the user to run a dangerous command. But it’s also clever. A common way people fix problems is by researching issues on the internet and copying and pasting commands that should fix this, even if one isn’t entirely sure of what that command does.

Some things to look out for:

  • One way this comes up is with a fake CAPTCHA. CAPTCHAs are the frustrating things on the internet that ask a user to verify they are human by doing a task that’s intended to distinguish humans from machines. The two most common forms of this task are text-based CAPTCHAs and image CAPTCHAs. Text-based ones use distorted letters and numbers, while image CAPTCHAs require users to identify objects in real-life images. A real CAPTCHA will never ask you to copy and paste or to run a command.
  • Occasionally this comes up with fake blog posts about fixing a common technical issue, but instead, it has a malicious command. We don’t recommend copying and pasting commands from blogs or forums to fix work issues. Though we don’t recommend it, I do understand that often for personal issues on personal devices, it is common to do research on the internet and find recommendations on blogs and forums. If this is the case make sure you get your information from a known place, and if it is community-generated content that it has good feedback. If possible, I would also recommend understanding the steps that you are following or the commands you are running.

As always, one of the best ways to protect yourself is knowing what to look out for and best practices.

To secure your business with solutions that go beyond training and offer complete protection, call us today at 412-244-NETX (6389).

NET Xperts Team
0
Tags :
Client Portal

We're a team of Certified Professionals with the expertise to design and implement technological systems that meet your needs.



Want Quarterly Updates From Us? Join Our Newsletter!

Company

Company

Careers

Contact Us

History

News

Blog



Legal Information

Services

NET X Alert! Managed Services
NET X Cloud Nine
NET X Cybersecurity
Sales
Service
Support


Privacy Statement

Customers

Customer Center
Submit A Service Request
Feedback
Request A Quote
Request More Info



Return Policy