What is scareware?

Scareware is rogue software that preys on people’s fears and lack of technical expertise, persuades you to unwittingly compromise your security, and ultimately defrauds you of your money or identity – or both. And it’s extremely profitable for cybercriminals.

Usually scareware takes the form of fake virus alerts, phoney software updates or sham malware removal tools that frighten you into believing your device is infected or needs updating. You’re tricked into clicking on the ‘download’, thinking you’re getting genuine antivirus software, a real threat removal product or an essential update.

In reality, the threats are false and you end up downloading malicious software. Once installed, this software might run a fake ‘scan’, find more bogus threats and persuade you to pay to remove them.

Not only have you then coughed up for a useless and potentially harmful product, but you’ve inadvertently given away your credit card details and your identity – which may later be used to access your accounts, or passed on to a third party.

It doesn’t happen often, but you could even find yourself being extorted if a hacker is able to hijack your device and lock you out of it – demanding payment before allowing you back in.

How do I identify it?

Scareware aims to frighten you into taking immediate action, so typically you’ll see a pop-up message along the lines of ‘Warning! Spyware found!’ or ‘Warning! Your computer is infected!’

Often this sort of message will pop up repeatedly, using language designed to instil fear and uncertainty and compel you to ‘click’.

Scareware can be very convincing and may even impersonate legitimate security software products that you know and trust.

How does it get in?

Scareware can present itself as a message or an advert in a pop-up window, an email, message or text attachment, or a link on a legitimate web page. Unfortunately, you can also pick up ‘drive-by’ scareware simply by visiting a compromised legitimate website.

Increasingly, hackers are using Search Engine Optimisation poisoning, which aims to trick a search engine into associating a malicious web page with common search words or phrases. The page gets listed in the search results, which makes it appear legitimate and increases the chances of users clicking on it.

How do I protect against it?

Make sure you have up-to-date, legitimate comprehensive Internet security software installed on your device. Obtain it from a reliable and trustworthy company, via the official website or a well-known retailer.

Keep the software up to date, keep your firewall on and run regular scans. This way, you should be alerted to any scareware before you fall prey to its tactics.

• Be vigilant. Any threat of imminent disaster and directions to download the ‘solution’ immediately is almost certainly a scam. Scareware aims to panic you into making a bad decision.
• Stop and think. Follow your instinct. If something feels wrong, it probably is.
• Don’t click anywhere on pop-up ads or dialogue boxes. The window may have a ‘clickjacking’ feature that launches a malware download or directs you to a malicious website if you click on the X or Cancel to close the window. Be especially careful not to click on any ‘download’ button. Instead, save whatever you were working on. Then bring up the Task Manager using Ctrl+Alt+Delete and, under the Applications tab, click on End Task for the program. On a Mac, use Force Quit.
• Block browser pop-ups from automatically appearing. Here’s how to manage pop-ups for Google Chrome, Safari, Firefox and Internet Explorer 11.
• Don’t download anything from a source you haven’t researched and whose trustworthiness is unknown.
• Never open file attachments or click on links in unsolicited emails, messages or texts.
• Consider reading emails in plain text (text only) instead of HTML (which allows embedded graphics, stylised and coloured text, tables and links). It may not look as pretty, but plain text exposes suspicious HTML links within emails.
• Don’t open any link or attachment from friends via social networks without checking that it’s genuine.

Face the fear

Scareware is just one more trick up the sleeve of those resourceful cybercrooks – but being aware of it is half the battle. With our tips showing you what scareware is, how to identify it and what to do if it shows up your screen, you’ll be well placed to protect yourself and your family against such fraudsters.

Stay alert, stand firm and don’t be bullied into doing something that could put your device and your personal data at risk.