Cybercriminals are increasingly using Command-Line/Terminal attacks to try to gain access to your computer and the data it contains. In these scams, you may receive a website pop-up or email that tries to trick you into opening your computer's “command prompt” (a text-based interface used for advanced system commands) and typing in malicious commands on behalf of the bad actor to gain access to your computer.

Ϲ College IT will never send an unsolicited popup during web browsing asking for you to open a command prompt. If you receive one, exit out of the browser and restart your computer.


PROTECT YOURSELF FROM COMMAND-LINE/TERMINAL THREATS
These emails often use urgent or alarming language to scare you into immediate action, such as claiming your computer is infected with a virus or that your account has been compromised. This type of attack has four components, which will be set out as user instructions to:

  1. Copy the script.
  2. Open the terminal to run the script.
  3. Paste the copied text.
  4. Execute by confirming the actions (pressing enter/OK/verify, etc).

If you receive an unsolicited prompt for this action,

  • Do not open or click on any links or attachments in the message.
  • Do not follow any instructions in the message, especially those asking you to open the command prompt. Examples of what this may look like include, but are not limited to:

Windows Attack Example:

Windows Attack Example


Mac Attack Example:

Mac Attack Example

If you think you fell for one of these emails or pop-ups, or if you think you’ve clicked on a link or attachment in a scam email, please contact the IT Security team at security@bc.edu and they will provide you with next steps for protecting your account.This type of attack can lead to serious consequence such as:

  • Installing malware: Software that can steal your personal information, lock your files, or give attackers control of your computer.
  • Granting remote access: Allowing the attacker to connect to your computer and perform actions as if they were sitting in front of it.
  • Revealing sensitive information: Tricking you into displaying passwords or other confidential data.
Back To Top