This Dangerous Email Tricks You Into Hacking Your Own PC

Forbes · 4 days ago

Take a walk through any major tourist city in the world, and eventually you will see them. On a bridge or promenade or in a park. Someone sitting with three plastic cups and a bunch of onlookers, watching as someone is scammed.
Everyone knows it's a scam. It doesn't matter that you've watched as the marble is placed under a cup, keeping an eagle eye on it as the three cups are swapped around. The marble has moved and you cannot win. You know you should know better.
So it is with the so-called ClickFix lures currently hacking PCs around the world. They are the leading example of the new wave of 'scam yourself' attacks, and you know you should know better. But the cleverness of the hook and the trickery of the scammer still work.
As McAfee explains, ClickFix attacks 'begin with users being lured to visit seemingly legitimate but compromised websites. Upon visiting, victims are redirected to domains hosting fake popup windows that instruct them to paste a script into a PowerShell terminal.' In reality, this 'sophisticated form of social engineering, leveraging the appearance of authenticity' just 'manipulates users into executing malicious scripts.'
A new warning from Cofense has just outed one of the most devious lures I've seen recently. It's a nasty attack that plays on the human emotions and fears of the victim being scammed, so much so that they don't see the attack coming. But they should.
The dangerous email lure is sent to businesses in the travel industry, purporting to be from market giant Booking.com, warning that a customer has made a serious complaint and giving the recipient a time-boxed opportunity to respond using the link provided.
'While the exact email structure varies from sample to sample,' Cofense says, 'these campaigns generally provide Booking.com-spoofing emails with embedded links to a ClickFix fake CAPTCHA site which is used to deliver a malicious script that runs RATs and/or information stealers.'
The campaign 'preys on the recipient's fear of leaving a guest dissatisfied' and might 'claim that a guest was trying to contact the hotel but was unable to get a response.' Cofense provides one such example, which is 'particularly notable for mentioning potential reputational damage and giving a strict 24-hour deadline for compliance.'
Not all of these lures are negative; some pose as requests or questions from future (imaginary) guests, while also providing a link for the hotel operator to respond. 'The emails used in these campaigns will sometimes state that the embedded link only works on Windows computers,' simply because this malware only infects Windows PCs.
But despite the lure, the attack is the same as all the others. In this case it's a CAPTCHA 'Robot or Human?' challenge, which instructs the user to open a Windows prompt, paste in the text on the PC's clipboard, and then press Enter. Absent a few wording changes, there is no variation in this part of the attack. It's the most blatant tell.
Cofense says some of the latest attacks used Cloudflare CAPTCHAs while others used Booking.com's brand instead. The instructions, though, are all the same. Once you know about ClickFix, in theory at least you can't be fooled. But the cybercriminals will try nonetheless, and the attacks are flying, so it's working.
Don't be fooled. Never paste in copied text and hit Enter in this way. Whether it's a CAPTCHA, a secure website or document restriction, or a technical fault, it's always an attack. And the hacker is always you.
