What is scareware?
Scareware is malicious software that tricks computer users into visiting malware-infested websites. Also known as deception software, rogue scanner software, or fraudware, scareware may come in the form of pop-ups. These appear as legitimate warnings from antivirus software companies, and they claim your computer's files have been infected. They are so cleverly done that users are frightened into paying a fee to quickly purchase software that will fix the so-called problem. What they end up downloading, however, is fake antivirus software that is actually malware intended to steal the victim's personal data.
Fraudsters also use other tactics, such as sending out spam mail to distribute scareware. Once that email is opened, victims are then fooled into buying worthless services. Falling for these scams and releasing your credit card information opens the door for future identity theft crimes.
How does scareware work?
Scareware usually follows a pattern. Pop-ups suddenly warn you that dangerous files or porn have been found on your computer and will continue to pop up until you click on buttons that "remove all threats", or you are asked to register for antivirus software. Pop-up scams are designed to look like genuine warning messages. Using social engineering tactics, scareware pop-ups often:
- Mimic logos of legitimate antivirus programs and use similar-sounding names
- Show a screenshot of “infected” files on your computer
- Display a progress bar that shows your computer being "scanned"
- Contains flashing red images
- Use CAPS and exclamation points, with warnings to act fast or act now
These tactics are designed to incite feelings of panic and fear. They do this to encourage users to make irrational split-second decisions and to trick them into:
- Buying worthless software
- Downloading different types of malicious software, or
- Visiting websites that automatically download and install malicious software onto their devices
Reputable antivirus vendors don't solicit data through scare tactics. The more dramatic and persistent these alerts are, the more likely they are to be scareware. But cybercriminals take advantage of the fact that many people don't know that.
If you succumb to a pop-up saying “I have a virus” and click on the “Yes”, “Download” or “Protect Now!” buttons, potentially entering your credit card details in the process, then usually one of two things can happen:
- The less harmful outcome is that you lose some money and install some useless software that doesn't fix your computer but won't harm your computer, either.
- The more harmful option is that the scammers use your credit card and personal information to steal money from you and commit identity theft. They could even hold the contents of your hard drive hostage until you pay them a ransom.
How to know if you have a fake virus
If you think you may have fallen victim to a fake virus scam, indications to watch out for include:
- Numerous notifications or banners appearing on your screen. Fake antivirus pop-ups – often with all-caps text and exclamation points – are designed to cause panic by warning you about urgent security breaches.
- Decreased performance. A computer infected with malware will typically slow down, crash, and freeze. Malware is designed to make sure you can't do anything about it.
- Programs and features appearing at random. You might see a new icon on the desktop for a program you don't recognize, or your browser might display new toolbars along with a new homepage. These can cause you to download even more fraudulent programs.
- Inability to access programs or files. For example, you may see unusual error messages or blocked pathways.
- You recently clicked an online ad. Some banners might be malvertising – that is, malicious advertising. These are ads with embedded code that downloads dangerous programs onto your computer. Always search for and verify product names rather than click on online ads you are unsure of.
Common scareware examples include:
- Scareware websites or fake virus pop-ups. This is one of the more common forms of scareware—one that you can often find on scareware websites that are promoted on social media networks like Facebook. An ad pop-up poses as an antivirus program alert, attempting to trick users into thinking that malware is on their computer or smartphone. The objective is to nudge the user into clicking a link to download a "solution" to the problem. In reality, the link is a Trojan horse—instead of antivirus software, it’s loaded with a malware program that will cause damage.
- Scareware emails. This might involve an attacker sending an “urgent” email demanding immediate action from the recipient. Often, the email will use a spoofed sender address or email domain to appear as though it is coming from a legitimate source. The scareware email might ask the recipient to click on a download link to receive an antivirus software to remove a specific threat or share their access information to let "technical support” troubleshoot a problem.
- Scareware tech support calls. Strictly speaking, these are not scareware since malicious software isn’t involved. But these calls do rely on scaring the target into giving up sensitive information or giving the attacker access to sensitive systems. Typically, the attacker calls the victim while posing as a tech support agent or law enforcement, claiming that “suspicious activity has been traced to your computer.” Then, the attacker attempts to convince the victim to give them access to their computer or user account remotely. Once the victim has been tricked, the attacker uses their access to commit additional fraud.
Many scareware programs copy user interface elements from real malware protection programs and use names that sound legitimate. Scareware examples of fake antivirus and anti-malware solutions include:
- PC Protector
- Mac Defender
A scareware example in the news concerned an insurance agent in the US. He lost more than $2,000 in 2020 from a scareware scam that started with his computer and ended with a phone call. He paid the perpetrators directly to “fix” a problem with his computer, then paid a second amount when the criminals triggered a malware relapse.
How to remove scareware and minimize damage
Turn off your computer and consult an IT expert:
Someone savvy with IT can connect your hard drive to another machine and scan it for malware without starting up your operating systems. This prevents the malicious software from running and causing more problems.
Turn off your internet connection:
Disabling your Wi-Fi or switching off your router will help prevent the malware from sending your data to the perpetrators.
Change your passwords as soon as you can:
Start with your primary email account to which other services are linked. Your banking accounts should also be a priority, especially if you think your credit card information could be compromised.
How to prevent scareware – seven tips:
With the spread of iOS and Android scareware, it's essential to stay alert across platforms and operating systems. Practicing cyber hygiene is the best way to prevent scareware, pop-up scams, and Google virus scams. Some of the steps you can take include:
- Avoid clicking on malware notifications. If you see a pop-up, banner, or window warning you that your computer is infected and prompting you to download a software solution, it’s likely to be a scam. Don’t click on it.
- Avoid accidental downloads. To get rid of scareware pop-ups and scam pop-ups, close the browser window itself instead of clicking the "Close" or "X" buttons. On Windows, use Ctrl + Alt + Delete to open the Task Manager. Then, find the program under the Applications tab and click End Task.
- Keep your browser up to date. This helps protect against scareware pop-ups and fake virus scams. Enable automatic updates to ensure you are always using the latest version of your browser.
- Enable pop-up blockers. If you can prevent pop-ups, your screen won’t be filled with advertisements for fake security programs.
- Verify new software before you buy it. Never download anything from or provide credit card information or other personal information to a company whose name you don’t recognize. An internet search can help you distinguish between genuine software and fake software.
- Use the full range of cybersecurity tools. These include ad blockers, URL filters, and firewalls to help cut scareware off at the source and prevent fake malware warning pop-ups from reaching your screen.
- Always use genuine antivirus software. Using up-to-date antivirus protection from a trusted security provider is the best defense against scareware because it will alert you to potential threats and swiftly quarantine and remove any malware that does make it onto your device.
These security solutions protect against scareware, pop-up scams, and other online threats: