Infostealers are a type of malware that quietly steals passwords, payment details, and other personal data. One of the more common tricks to get this malware onto your computer involves a fake “CAPTCHA” or verification popup that looks legitimate. These popups use urgent language, fake progress bars or familiar company logos, and sometimes support phone numbers. Unlike real CAPTCHAs, they may instruct you to press keys, open Command Prompt/Terminal, or paste and run commands – all steps that let attackers install infostealers or remote access tools onto your computer if you follow them.
How to recognize this specific trick (quick checks)
- The page asks you to open Command Prompt/Terminal, paste a command, or run a downloaded script. Legit CAPTCHAs never ask for that.
- It directs you to press keys (e.g., Windows key) or run commands like “powershell -nop -w hidden -c …” or long base64-looking strings.
- The popup appears in a browser tab or new window, not as a native system verification dialog.
- It pressures you with countdowns, threats, or messages about account suspension.
- The commands it asks you to run request elevated rights, disable security, or download/run files.
- It provides a phone number to call for help – a common social-engineering tactic.
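For anyone monitoring endpoints for this trick, here is an added example (not from this page's author) showing how the quick checks above translate into detection logic over process command lines. The rule names, the two-hit threshold and the sample command lines are constructed for illustration; the encoded sample is just "Write-Host ok" in the base64 form PowerShell expects.

```python
import re
from typing import List, Tuple

# Ordered rules, one per quick check above. Names are hypothetical labels, not a vendor schema.
RULES = [
    ("powershell_hidden_window", re.compile(r"\bpowershell(?:\.exe)?\b.*?-w(?:indowstyle)?\s+hidden", re.I)),
    ("powershell_noprofile", re.compile(r"-nop(?:rofile)?\b", re.I)),
    # -enc/-EncodedCommand followed by a base64 payload ("long base64-looking strings")
    ("encoded_command", re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    # Any 32+ char base64-looking run; this can also hit long hashes, so it is only one vote
    ("long_base64_blob", re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")),
    ("download_and_run", re.compile(r"DownloadString|Invoke-WebRequest|\biwr\b|Invoke-Expression|\biex\b|\bmshta\b", re.I)),
    ("disable_security", re.compile(r"Set-MpPreference\s+-DisableRealtimeMonitoring", re.I)),
    ("elevation_request", re.compile(r"-Verb\s+RunAs", re.I)),
]


def indicators(cmdline: str) -> List[str]:
    """Return the names of every rule that matches one process command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]


def is_clickfix_like(cmdline: str, min_hits: int = 2) -> bool:
    """A single indicator (e.g. -NoProfile) is normal admin usage; two or more is the fake-CAPTCHA pattern."""
    return len(indicators(cmdline)) >= min_hits


def scan(cmdlines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (command line, matched rules) for every line that crosses the threshold."""
    return [(c, indicators(c)) for c in cmdlines if is_clickfix_like(c)]


# Constructed sample process-creation command lines (not real telemetry).
SAMPLE_PROCESS_CMDLINES = [
    r"powershell.exe -File C:\Scripts\nightly-backup.ps1",               # benign, 0 hits
    r"powershell -NoProfile -Command Get-Service",                        # benign admin use, 1 hit
    r"powershell -nop -w hidden -enc VwByAGkAdABlAC0ASABvAHMAdAAgAG8AawA=",  # pasted from a fake CAPTCHA
    r'powershell -nop -w hidden -c "Set-MpPreference -DisableRealtimeMonitoring $true"',  # disables security
    r"notepad.exe C:\Users\me\notes.txt",                                  # unrelated, 0 hits
]

if __name__ == "__main__":
    for cmd, hits in scan(SAMPLE_PROCESS_CMDLINES):
        print(f"FLAGGED ({', '.join(hits)}): {cmd}")
```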
Why this is dangerous
Running their commands can:
- Download and install infostealers, remote-access tools, or ransomware.
- Disable antivirus or security features.
- Give attackers persistent access to your machine and data.
- Execute scripts that steal browser passwords, tokens, or system data immediately.
Immediate actions if you see this popup
- Do not press keys, open Command Prompt/Terminal, or run any commands.
- Close the tab or window. If it won’t close, force-quit the browser.
- Do not call any phone number or engage with on-page chat/support.
- Clear your browser cache and history, then restart the browser.
- If you copied a command but didn’t run it, discard it and do not paste it anywhere.
- If you ran a command, disconnect from the internet immediately and follow the “If you already ran the command” steps below.
If you already ran the command or followed instructions
- Disconnect from the network (turn off Wi‑Fi or unplug Ethernet).
- Use a clean device to change passwords for important accounts and enable 2FA.
- Run a full scan with reputable antivirus/anti‑malware software; consider bootable rescue media if infection is suspected.
- If sensitive accounts or finances were exposed, contact your bank and providers.
- If you are unsure how to proceed or the device is used for work, have a trusted IT professional, like TeCHS, inspect the system; consider reinstalling the OS if you can’t be certain the system is clean.
Preventive tips
- Never run commands from webpages or unknown sources.
- Real CAPTCHAs only require clicking boxes or solving image/text tasks — they never ask to open system terminals.
- Keep OS and security software updated.
- Use a standard (non-admin) account for everyday use so commands requiring admin approval are blocked unless explicitly allowed.
- Use a reputable ad/pop-up blocker and avoid suspicious sites.
- If in doubt, close the browser and access the site again from a clean tab or device.
Have questions? Contact TeCHS!