
Security pros see rise in ‘scam-yourself’ tactics

Gen saw a 614% quarterly increase in attacks involving prompt manipulation.

Francis Scialabba


Like that one kid in every group project in high school, malicious hackers are tricking you into doing a lot of the hard work.

Cybersecurity company Gen examined its Q3 threat data and saw a 614% quarterly increase in “scam-yourself” attacks: fake tutorials, updates, CAPTCHAs, and fixes that walk users through installing the malware themselves, step by step. Several researchers and vendors have noticed the social engineering trend this year.

“For security solutions, it might be harder to identify that this is a malicious action, as we’re seeing it’s the user doing it,” Luis Corrons, security evangelist at Gen, told IT Brew.

In its report, Gen observed deceptive examples:

  • YouTube tutorials: A video, cited by Gen, walks the user through a software installation, but a download link, found in the comments, leads to malware.
  • README files: The cybersecurity company shared screenshots of instructions that lead to malicious actions, like disabling antivirus software.
  • ClickFixes: Gen observed alert windows that convince users to remediate a problem by copying a script to a clipboard, pasting it to the command prompt, and hitting “enter.”

It’s not just Gen. IT Brew has also reported on fake CAPTCHAs that weaponize copy-and-paste and trick humans-just-trying-to-prove-they’re-humans into running malicious commands. (In Q3 alone, Gen claims it stopped fake CAPTCHA attacks against 2.1 million users.)

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

The managed detection and response provider Expel, in October, also reported an increase in the false CAPTCHA tactic.

Aaron Walton, threat intelligence analyst at Expel, said security systems sometimes fail to detect JavaScript execution and recommended a nifty trick to defend against the self-scamming malware threat: Through Group Policy, assign script file extensions to open in Notepad by default.

“If a user double-clicks it, it’s going to open in a text editor, and that’s going to prevent them from running something that they think is an update but is actually just a malicious script,” Walton said.
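One way to apply Walton’s suggestion on a single machine, as an added PowerShell example that is not from the article or from Expel: it assumes the stock Windows ProgIDs for the listed extensions and edits the machine-wide registry keys that a Group Policy Preferences registry item would otherwise push out.

```powershell
# Added example (not from the IT Brew article or from Expel): point the
# "Open" verb of common script file types at Notepad so a double-click
# shows the file as text instead of executing it. This edits the
# machine-wide class registrations under HKLM:\SOFTWARE\Classes, the same
# keys a Group Policy Preferences registry item would deploy. Run elevated.
# Assumption: the ProgIDs below are the stock Windows registrations; any
# per-user overrides under HKCU:\Software\Classes are not touched.

$notepad = "$env:SystemRoot\System32\notepad.exe"

# Extension -> ProgID for script types Windows runs on double-click.
$scriptTypes = @{
    '.js'  = 'JSFile'
    '.jse' = 'JSEFile'
    '.vbs' = 'VBSFile'
    '.vbe' = 'VBEFile'
    '.wsf' = 'WSFFile'
    '.wsh' = 'WSHFile'
}

foreach ($ext in $scriptTypes.Keys) {
    $progId = $scriptTypes[$ext]
    $cmdKey = "HKLM:\SOFTWARE\Classes\$progId\Shell\Open\Command"

    # Only touch ProgIDs that actually exist on this machine.
    if (-not (Test-Path $cmdKey)) {
        Write-Warning "$cmdKey not found; skipping $ext"
        continue
    }

    $before = (Get-ItemProperty -Path $cmdKey).'(default)'
    # Replace the script-host launcher (e.g. wscript.exe) with Notepad.
    Set-ItemProperty -Path $cmdKey -Name '(default)' -Value "`"$notepad`" `"%1`""
    Write-Output "$ext ($progId): '$before' -> Notepad"
}

# Verify: every mapped extension now resolves to a Notepad open command.
foreach ($ext in $scriptTypes.Keys) {
    $cmdKey = "HKLM:\SOFTWARE\Classes\$($scriptTypes[$ext])\Shell\Open\Command"
    if (Test-Path $cmdKey) {
        $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
        if ($cmd -notlike '*notepad.exe*') { Write-Error "$ext still executes: $cmd" }
    }
}
```

Users who have picked a different default app for one of these extensions keep their per-user choice, so check HKCU:\Software\Classes and the Explorer FileExts keys when the verification step reports a miss.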

Corrons recommends IT pros set up endpoint policies to restrict the use of automation tools like PowerShell, and even perhaps downloads outside of the internal network. The configurations can help to prevent an attack that appears to allow a malicious hacker to sit back and let the target do the heavy grifting.

“It seems that it’s working. Otherwise they wouldn’t be trying,” Corrons said.

Stat: Verizon claims that 68% of the breaches studied in its 2024 data breach investigation involved the “human element,” which Chris Novak, the company’s vice president of global cybersecurity solutions, said refers to “either an action that a human takes, or a mechanism a human could have avoided to prevent an incident from occurring.”
