PSA: Fake Captcha results in virus/unwanted software loading

Couriant

Active Member
This notice came from my University's security team. I have edited it down to be more of a PSA for the public and wanted to share this new tactic:

Many credible websites use a tool known as CAPTCHA to distinguish between real users and bots by asking you to enter text or select all correct images of a certain object. This new attack plays on this concept, but instead asks a user to run a snippet of code on their computer that contains malware.

These attacks will ask you to copy a section of code from a website and run it on your computer locally by pressing the Windows + R keys, and pasting in the malicious code.






If you come across or interact with a verification test that requests you do this, or a similar action, stop immediately and contact your IT Department (if it is a work machine) or contact your trusted IT Support for assistance.

You can find information about this scam here and some steps: MalwareBytes.com - Fake CAPTCHA Scam
 
I have not seen this yet or even heard about it, and I even follow Malwarebytes on Facebook, but maybe I missed that post. Glad to see this was posted though.
 
Glad to assist! :) I work at the University (as well as now becoming a student), and they are starting to be more strict on everything, more so with security. They will be locking down Windows+R because of this new style of attacks. There will be some exceptions like those who do use this on a daily basis (i.e., assistive technologies), but for normal users it will be blocked.

Hmm, I wonder if that command would work in Terminal/Command Prompt or PowerShell...

Anyways, any more news I will be glad to forward.
 
Hopefully you have proper permissions and your users aren't local admins, which should prevent them from being able to do much from Run or CMD/Terminal anyway.
 
Yes, by default no one has access. They have to request it, and only the genuine people would be approved for it (i.e. engineers that create programs and not someone who needs to update some software). :)

I suspect the captcha one runs a command that does not require admin privileges.
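
For anyone checking a machine after a suspected fake-CAPTCHA paste like the one in the opening post: Windows records Run-dialog commands per user under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, readable without admin rights. The Python example below is added here and is not part of the thread or of the Malwarebytes write-up; the interpreter list and the sample registry values are constructed assumptions.

```python
import re

RUNMRU_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
# Programs that execute whatever follows them on the command line.
# Assumed list for this example; adjust it to your environment.
INTERPRETERS = {"powershell", "pwsh", "cmd", "wt", "mshta", "wscript", "cscript"}

def read_runmru():
    """Read the current user's Run-dialog history (Windows only, no admin needed)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]
        return {n: v for n, v, _ in (winreg.EnumValue(key, i) for i in range(count))}

def ordered_entries(values):
    """Return commands newest first, following the MRUList value."""
    entries = []
    for name in values.get("MRUList", ""):
        cmd = values.get(name)
        if isinstance(cmd, str):
            # Each stored command carries a trailing "\1" marker.
            entries.append(cmd[:-2] if cmd.endswith("\\1") else cmd)
    return entries

def is_suspicious(command):
    """Flag an interpreter started with arguments; a bare 'cmd' is normal use."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))\s*(.*)', command)
    if not m:
        return False
    program = (m.group(1) or m.group(2)).replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if program.endswith(".exe"):
        program = program[:-4]
    return program in INTERPRETERS and bool(m.group(3).strip())

def review(values):
    """Return the flagged Run entries, newest first."""
    return [c for c in ordered_entries(values) if is_suspicious(c)]

# Constructed sample values, shaped like a RunMRU export (not from a real host).
SAMPLE = {
    "MRUList": "cdab",
    "a": "notepad\\1",
    "b": "\\\\fileserver\\share\\1",
    "c": 'powershell.exe -Command "Write-Output constructed-sample"\\1',
    "d": "cmd\\1",
}

if __name__ == "__main__":
    for hit in review(SAMPLE):  # on Windows: review(read_runmru())
        print("review this Run entry:", hit)
```

A flagged entry only means an interpreter was launched with arguments from the Run dialog; hand it to your IT or security team rather than re-running it.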
 