Cybercriminals are increasingly using Command-Line/Terminal attacks to try to gain access to your computer and the data it contains. In these scams, you may receive a website pop-up or email that tries to trick you into opening your computer's “command prompt” (a text-based interface used for advanced system commands) and typing in malicious commands on behalf of the bad actor to gain access to your computer.
Boston College IT will never send an unsolicited popup during web browsing asking for you to open a command prompt. If you receive one, exit out of the browser and restart your computer.
PROTECT YOURSELF FROM COMMAND-LINE/TERMINAL THREATS
 These emails often use urgent or alarming language to scare you into immediate action, such as claiming your computer is infected with a virus or that your account has been compromised. This type of attack has four components, which will be set out as user instructions to:
- Copy the script.
- Open the terminal to run the script.
- Paste the copied text.
- Execute by confirming the actions (pressing enter/OK/verify, etc).
If you receive an unsolicited prompt for this action,
- Do not open or click on any links or attachments in the message.
- Do not follow any instructions in the message, especially those asking you to open the command prompt. Examples of what this may look like include, but are not limited to:
Windows Attack Example:
 
            
        
    
    
    
Mac Attack Example:
 
            
        
    
    
    
If you think you fell for one of these emails or pop-ups, or if you think you’ve clicked on a link or attachment in a scam email, please contact the IT Security team at security@bc.edu and they will provide you with next steps for protecting your account. This type of attack can lead to serious consequence such as:
- Installing malware: Software that can steal your personal information, lock your files, or give attackers control of your computer.
- Granting remote access: Allowing the attacker to connect to your computer and perform actions as if they were sitting in front of it.
- Revealing sensitive information: Tricking you into displaying passwords or other confidential data.
 
             
        
        
    