Scareware is malicious software that tricks computer users into visiting malware-infested websites. Also known as deception software, rogue scanner software, or fraudware, scareware may come in the form of pop-ups. These appear as legitimate warnings from antivirus software companies, and they claim your computer's files have been infected. They are so cleverly done that users are frightened into paying a fee to quickly purchase software that will fix the so-called problem. What they end up downloading, however, is fake antivirus software that is actually malware intended to steal the victim's personal data.
Fraudsters also use other tactics, such as sending out spam mail to distribute scareware. Once that email is opened, victims are then fooled into buying worthless services. Falling for these scams and releasing your credit card information opens the door for future identity theft crimes.
Scareware usually follows a pattern. Pop-ups suddenly warn you that dangerous files or porn have been found on your computer and will continue to pop up until you click on buttons that "remove all threats", or you are asked to register for antivirus software. Pop-up scams are designed to look like genuine warning messages. Using social engineering tactics, scareware pop-ups often:
These tactics are designed to incite feelings of panic and fear. They do this to encourage users to make irrational split-second decisions and to trick them into:
Reputable antivirus vendors don't solicit data through scare tactics. The more dramatic and persistent these alerts are, the more likely they are to be scareware. But cybercriminals take advantage of the fact that many people don't know that.
If you succumb to a pop-up saying “I have a virus” and click on the “Yes”, “Download” or “Protect Now!” buttons, potentially entering your credit card details in the process, then usually one of two things can happen:
If you think you may have fallen victim to a fake virus scam, indications to watch out for include:
Common scareware examples include:
Many scareware programs copy user interface elements from real malware protection programs and use names that sound legitimate. Scareware examples of fake antivirus and anti-malware solutions include:
A scareware example in the news concerned an insurance agent in the US. He lost more than $2,000 in 2020 from a scareware scam that started with his computer and ended with a phone call. He paid the perpetrators directly to “fix” a problem with his computer, then paid a second amount when the criminals triggered a malware relapse.
Turn off your computer and consult an IT expert:
Someone savvy with IT can connect your hard drive to another machine and scan it for malware without starting up your operating systems. This prevents the malicious software from running and causing more problems.
Turn off your internet connection:
Disabling your Wi-Fi or switching off your router will help prevent the malware from sending your data to the perpetrators.
Change your passwords as soon as you can:
Start with your primary email account to which other services are linked. Your banking accounts should also be a priority, especially if you think your credit card information could be compromised.
With the spread of iOS and Android scareware, it's essential to stay alert across platforms and operating systems. Practicing cyber hygiene is the best way to prevent scareware, pop-up scams, and Google virus scams. Some of the steps you can take include: