How much do you know about malware attacks? You may know not to click suspicious links and stay away from dodgy advertisements, which is definitely a good start. However, as the general public’s knowledge of malware and viruses escalates, so, too, do the people who make them. As people get warier, malware developers devise new ways to slip under a user’s sense of security to deliver the malicious software. One of the more powerful methods of getting to a user is by utilising fear. This is the goal of scareware, and it’s every bit as scary as it sounds; after all, being scary is what scareware is all about!
Much like most “scary” things, however, once you learn how it works and how it’s used against you, it’s much less scary than before. So, let’s break open scareware and see how it works.
What Is Scareware?
Imagine you’re browsing the web one day. You access a particularly innocent-looking website, when suddenly a pop-up appears. This pop-up informs you that it has scanned your system and found a nasty virus. In order to get rid of it, you need to download specific software.
This is the beginning of a scareware “attack.” The idea is that the user is so terrified at the prospect of a virus that they click the pop-up to solve the problem. The user then downloads and installs the software advertised in order to get rid of the virus.
While it may seem innocent on the surface, the intent is nothing but. The “virus scan” the user saw wasn’t a scan whatsoever; it was just an advertisement pretending to be one. The goal is to scare people into clicking the advert, thinking that it was a legitimate virus scan. Gripped by fear, the user will then accept and download any software the advert gives them in order to get rid of the fictitious threat. Some particularly nasty examples mimic very popular antivirus software to trick you into thinking it’s legitimate. Lifewire covered some nasty scareware examples, and they found this example which tries to mimic a computer blue screen.
What’s the Goal of Scareware?
Most of the time the goal of the software is to extract money. It will perform a scan on your system, going so far as to list the files in a computer to increase its credibility. Unfortunately, the scan won’t do any legitimate scanning and will simply claim you have a virus. It will then offer to remove the virus, but only if you upgrade the software from its “trial” plan to a “pro” one (which isn’t any more proficient than its trial version at all). Here’s an example from Symantec where they talk about a pretty nasty piece of scareware called SpySheriff.
Of course, to upgrade to the full version, you’re going to have to pay what they’re charging. If a user falls for this trap, the best-case scenario is that they pay the money, and the scammers make off with a little more in their pockets. The worst-case scenario is that the scammers get hold of the user’s entire credit card information, and then the problems really start.
Sometimes the software the user downloads is actually a virus in disguise. This is a nasty example of someone being fooled by a fake virus scan and downloading a legitimate virus to help combat it! At this point, having anything less than a proper antivirus or anti-malware solution on the PC will end with some nasty damage being done – even more so if the user believes the phony software is legitimately protecting them.
What Should I Do If I See It?
So what should you do if you encounter scareware on the Internet? Is it too late, or can you still dodge it?
One thing to take note is that scareware adverts by themselves don’t do much. Pop-ups and adverts don’t have permission to install software on your computer right away. Just because you saw the advert doesn’t mean scareware is now on your system. As long as you don’t click the advert and download anything, you should be fine. This is the main weakness to scareware; if it fails to successfully scare a user to download its software, it doesn’t work whatsoever.
Should scareware end up installed on your PC, either because it was installed directly or because it was hidden within a shady installer, then you’re going to want to remove it before it does any damage. Programs such as Malwarebytes are efficient at helping remove these kinds of threats, so download a trusted anti-malware tool to help get rid of the scareware.
But What If I Think It’s Right?
Let’s say you’ve seen one of these scareware ads. You know it’s highly likely to be a scam, but it still worries you. What if you actually do have a virus on your computer? What if the fear of viruses on your computer tempts you to believe the advert?
If you’re legitimately worried by a scareware claim, try to fix the problem without using the software it advertises. Hopefully you have an antivirus solution already installed on your system, so do a scan with it to see if it finds any issues. If you don’t have antivirus installed, download and use trusted antivirus software that’s reviewed very well in the technology world. You can see the best antiviruses over at AV Test which grades and rates each one on its efficiency. If your current, trusted antivirus claims there’s no threats, it’s best to trust a well-received antivirus over a random advert on the Internet!
As scary as it first sounds, the tactics used by scareware are only efficient if you don’t know how they work. Now that you do, you’ll be equipped to identify and ignore them when they appear.
Have you ever been scared into downloading something harmful? Or have they never been successful against you? Let us know in the comments.