Attackers are using a deceptive technique to trick users into running malicious commands on their computers. This scam often involves fake CAPTCHA tests, phishing emails, or fraudulent tech support calls.

How It Works
- The attacker instructs the victim to press the **Windows Key + R**, which opens the "Run" dialog box.
- The victim is then asked to paste a command (often a PowerShell script) into the dialog box and execute it.
- This command can download and run malware, such as information stealers, ransomware, or other harmful programs.
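
Commands entered in the Run dialog are recorded per user under the RunMRU registry key, so a command pasted as described above can be located afterwards. The PowerShell script below is an added example, not part of the original advisory; the function names and the indicator patterns are assumptions chosen for illustration.

```powershell
# Added example (not from the original advisory). Read-only: lists suspicious
# entries in the current user's Run-dialog history; it changes nothing.
$RunMruPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Heuristic indicators (assumed for illustration, not an exhaustive rule set).
$Indicators = [ordered]@{
    'Remote URL in command'      = '(?i)https?://'
    'Download or in-memory exec' = '(?i)\b(iwr|irm|iex|invoke-webrequest|invoke-restmethod|invoke-expression|downloadstring|downloadfile)\b'
    'Encoded PowerShell payload' = '(?i)\s[-/]e[a-z]*\s+[A-Za-z0-9+/=]{20,}'
    'Hidden window requested'    = '(?i)\s[-/]w[a-z]*\s+(hidden|1)\b'
    'Script host from Run box'   = '(?i)\b(mshta|wscript|cscript|regsvr32)(\.exe)?\b'
}

function Get-RunDialogHistory {
    # Returns one object per stored Run-dialog entry for the current user.
    if (-not (Test-Path -Path $RunMruPath)) { return }
    $key = Get-Item -Path $RunMruPath
    foreach ($name in $key.GetValueNames()) {
        # MRUList only stores the ordering; the default value holds no entry.
        if ($name -eq 'MRUList' -or $name -eq '') { continue }
        $raw = [string]$key.GetValue($name)
        # Each entry is stored with a trailing "\1" marker; strip it.
        [pscustomobject]@{ Slot = $name; Command = ($raw -replace '\\1$', '') }
    }
}

function Test-RunEntry {
    # Emits the name of every indicator that the command text matches.
    param([string]$Command)
    foreach ($reason in $Indicators.Keys) {
        if ($Command -match $Indicators[$reason]) { $reason }
    }
}

$findings = foreach ($entry in Get-RunDialogHistory) {
    $reasons = @(Test-RunEntry -Command $entry.Command)
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Slot    = $entry.Slot
            Reasons = $reasons -join '; '
            Command = $entry.Command
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'No Run-dialog entries matched the indicators.' }
```

Run it as the affected user, since RunMRU is stored per user, and include any flagged entry in the report to Information Security. An empty result does not rule out an incident, because the history can be cleared.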

Common Scenarios
- Fake CAPTCHA Tests: Users are tricked into thinking they need to complete a CAPTCHA verification. The instructions include pressing "Windows + R" and running a command.
- Tech Support Scams: Fraudsters impersonate legitimate companies, claiming there’s an issue with the victim’s computer and guiding them to execute malicious commands.

What to Do
- Do Not Follow Instructions - Never run commands provided by unknown sources.
- Verify Legitimacy - If contacted by "tech support," independently verify their identity by contacting the company directly.
- Use Security Software - Keep your antivirus and anti-malware tools updated.
- Report the Attack - Notify Hancock College Information Security about the incident.

Stay vigilant and always question unexpected instructions!