What is Scareware – How to Spot and Avoid Online Scams

Provided By Norton, Inc.

Scareware is a type of malware that leverages pop-up ads and social engineering tactics to manipulate online users into believing they need to buy or download software that’s indeed useless or malicious.

In simpler terms, scareware is a scam, one that reveals itself in the form of pop-up ads encouraging users to act fast to address an alleged cybersecurity problem. As the name suggests, it scares users into handing over their confidential data to what they believe is a legitimate solution to their cybersecurity problem. 

And the consequence of downloading scareware can vary and can include credit card fraud or identity theft. Thankfully, there is less need to fear over this cyberattack if you know just what is scareware, how to spot it, and scareware removal tactics — and that’s what we cover here. 

Scareware examples

There’s a reason why cybercriminals turn to scareware so often: It’s an effective way for them to steal your credit card information, trick you out of your money, and gain access to your computer. And they do this using a few common techniques, like virus removal scams, clickjacking, peddling fake antivirus, and tech support scams. 

For perspective, here are some of the earliest real-world scareware examples:       

• In 2006, Microsoft and the Washington state attorney general filed a joint lawsuit against the software vendor Secure Computer, alleging it peddled Spyware Cleaner to Microsoft users that was scareware.      
• In 2009, a Russian online payment processor, ChronoPay, approached Mac users with scareware that encouraged them to buy fake antivirus software.       
• In 2010, newspaper readers were lured by Best Western ads to fake websites that downloaded malware on devices.       
• Between 2009 – 2016, Office Depot and OfficeMax customers were manipulated into buying repair services after a PC Health Check insisted their devices were ridden with threats.

Scareware Explained + How To Identify It

If you’re still wondering “what is scareware” the answer also lies in the question “is scareware a malware attack?” And the answer is yes. As with all malware, it can be delivered in a few different ways. But what causes scareware is all the same — scare tactics. 

Also known as deception software, rogue scanner software, or fraudware, scareware generally works like this:

1. A pop-up warns that your device has been compromised, perhaps by a virus or dangerous file, inciting feelings of shock, anxiety, or panic.
2. The pop-up continues popping up until you click the call to action, perhaps a “download,” “visit website,” or “close” button. When you do, it might redirect you to an alleged solution for your cybersecurity problem, such as antivirus.
3. Once you’ve engaged with the pop-up, malware is downloaded on your device, perhaps by yourself or via a drive-by download on a fake website. Ultimately, your data is put at risk, leaving you susceptible to malicious acts. 

That malice can come in the form of your computer being held for ransom, bloatware being installed, spyware creeping on your activities, data theft, or credit card fraud — because you’ve given your payment information to a scammer — or identity theft.

Bottom line: No one wants to be a victim of scareware. You can face those fears head-on by familiarizing yourself with the following tell-tale scareware signs:       

• The pop-up is dire, perhaps indicating your computer is infected with hundreds of viruses and potentially using all caps and many exclamation points.       
• The pop-up warns you to act fast because the cybercriminals behind these attacks want you to purchase and install their malware quickly before you have a chance to think about it.       
• The pop-up is hard to close, or clicking on the “X” button to close it instead brings up more pop-ups.       
• You’ve never heard of the software company that’s trying to get you to download its product.        
• It immediately scans your computer for viruses, displaying a list of the dozens or hundreds of viruses uncovered. 

5 Tips For Scareware Prevention

When it comes to scareware, the ideal scenario is that you never get it from the start. Fortunately, a bit of common sense can go a long way in preventing scareware attacks, as well as the following best practices:

1. Don’t click malware notifications: Never click on any links or “download” buttons on pop-ups. Instead, close your browser if it won’t go away and, as an alternative, do a hard shutdown of your device. 
2. Keep your browser updated: By quickly approving updates to your browser, you’ll give yourself the most protection from scareware pop-ups. Consider enabling automatic updates to never miss a security patch.
3. Enable pop-up blockers: If you can prevent pop-ups, your screen won’t get filled with advertisements for fake security programs.
4. Verify new software before you buy it: Never download anything from or provide credit card information or other personal information to a company whose name you don’t recognize. A quick Google search can tell you if a software is genuinely being advertised to you or if it’s a malvertisement. 
5. Harness your cybersecurity tools: Take the guesswork out of whether you’re dealing with scareware by investing in antivirus software and enabling URL filters, firewalls, etc. 

Sure, scareware can be, well, pretty scary. However, if you approach your online interactions with a Cyber Safe mindset, you can avoid these types of cyber threats to the fullest.