What Is Scareware? Definition, Examples, & Prevention

Scareware is a type of malware that redirects people to malicious websites after they believe something’s wrong with their computer or mobile device. Cybercriminals developed scareware to capitalize on people’s fear of falling for the latest attacks.

How scareware works

Scareware generally presents as popup advertisements featuring wording and graphics meant to shock people and cause concern. The content might say their device has viruses on it or will experience a critical failure unless the reader acts immediately.

Because the warning is so alarming, people are more likely to click on the popup content without thinking.

Once they do that, they’ll land on a malicious website and get guided through actions that make it easier for cybercriminals to begin the infection process. Sometimes, people unknowingly download malware to their computers or phones just by clicking on the popup content to try to close it.

In other cases, cybercriminals purchase domains that are very close to the spellings of popular, genuine websites. When someone accidentally mistypes the intended URL, they are driven to the “evil twin” site instead, where they are shown a scareware message. They may be so surprised by the alleged device problems that they don’t even notice they typed in the wrong URL.

Signs of scareware

Some scareware functions as a wholly one-sided exchange. A victim sees a warning of a computer virus or similar problem, then clicks on the content to fix the issue. At that point, they get sent to another website — if malware doesn’t start immediately downloading onto their computer.

Scareware content often features exclamation marks, caution symbols, flashing graphics, and other characteristics to make people take notice and become frightened. Cybercriminals purposefully make the banners intrusive and annoying, hoping that people will hurriedly click on them, either out of fright or simply to get rid of them and continue browsing.

Scareware also frequently contains the names of products that will supposedly fix the problem. A banner might read, “Warning: Your computer has two trojan viruses. Click here to remove them with Security Toolkit XLT.”

Victims are often so caught up in the moment that they don’t take the time to research whether that program exists. (Spoiler: It doesn’t.)

Scareware attacks spanning multiple parties

Sometimes, however, the scareware attack involves people talking to scammers. In one case, a woman named Deborah had worked hard for decades and was preparing to retire. She typed what she thought was her bank’s URL into the browser’s address bar.

Unfortunately, she made a mistake and soon saw a warning message that her computer was infected, and she needed to contact a tech support representative right away.

Deborah called the provided number and began speaking to someone who seemed to be a tech support specialist. That person told her he needed access to her computer to remedy the problem. Plus, she had to download and install specialized software.

Once the representative had access, they searched her computer and confirmed the supposed virus had also compromised her bank account. The scam escalated, and the tech support person connected her to another individual from the bank’s fraud department.

That individual recommended that she transfer all her money into another specific account in order to protect it. Then, the fraud specialist said her retirement account was also affected by the original computer virus but connected her to a government tax agent to help.

That person, too, recommended that Deborah cash in her savings and move them to another account. They assured her that doing so would prevent the criminals from accessing it.

The problem, as you’ve no doubt already guessed, was that the tech support representative, the fraud specialist and the government tax agent were all scammers posing as those authority figures.

How do you prevent a scareware attack?

Being cautious is one of the most effective and simplest ways to prevent a scareware attack. These efforts aim to make people respond without thinking. They emphasize urgency, insisting that the problem will worsen if those affected don’t act immediately. So, the best thing people can do is think before acting.

Scareware is similar to malvertising. The latter involves concealing malware in an internet advertisement. One of the issues is that cybercriminals can purchase ad space on legitimate sites. They can then place infected ads there. That’s why one of the preventive measures associated with malvertising is to use ad-blocking software.

Scareware works a bit differently, but people can install antivirus software to make themselves less vulnerable. Besides getting that software installed, users must ensure they keep it updated. Otherwise, whatever tools they’ve purchased will be less likely to recognize the newest scareware or other threats.

4 steps of scareware removal

Removing scareware can be difficult, and people may need professional help. However, here are some starting points to try.

1. Check the device for unusual programs

Users should begin by going to the Applications folder on their computer or their phone’s app settings and looking for unexpected programs. You may want to research some of the most common names for known scareware, too.

2. Remove strange programs if possible

Many scareware programs become even more invasive once people attempt to remove them. Users may find their screen so filled with popup messages that they can’t close them fast enough.

However, you should at least try removing the programs from your devices before proceeding, either with the OS’s native app removal tool or a dedicated antivirus program.

3. Verify that antivirus software is still working

Many types of scareware disable antivirus tools. Doing that allows them to do more damage undetected and gain permissions that antivirus programs would otherwise prevent.

That’s why people should launch their antivirus programs and ensure all settings are enabled as expected. If not, you should turn them back on again. Now is also a great time to see if the antivirus tool needs updating.

4. Get professional help if needed

The first three steps above are sometimes sufficient for removing scareware from a system. Otherwise, users or their IT teams should contact a cybersecurity expert for further assistance. In more extreme cases, that person may advise factory resetting the device.

Scareware recovery

The first part of recovering from scareware involves users understanding that their computer has a genuine problem. It’s not the issue the popup message warns about; rather, the scareware itself has a virus at its root.

Scareware messages often have a payment aspect. For example, people may get prompted to enter their credit card number before downloading software that’s supposed to fix their computer problem.

Anyone who provided payment details when responding to a scareware message should assume hackers have compromised their bank accounts or credit cards. The first step is to contact the bank or card issuer to explain the problem and prevent unauthorized withdrawals.

You should also report the event to the authorities, both for your own records and to help with any possible law enforcement efforts to curtail future attacks.

After removing scareware yourself, with your IT team, or with further professional help, you should ensure your device’s OS is up to date, and all software is current. Cybercriminals often exploit security vulnerabilities in older systems.

Finally, users should be more aware of how they browse the web and which habits could make them more vulnerable to scareware attacks. For example, the next time you see an intrusive popup ad, the best approach is to close the whole tab or window that contains it rather than clicking anywhere within the advertisement.

Also, when doing something like online banking, you should either access a bookmarked page or dedicated app, or click on a link inside official banking correspondence. That way, there’s no risk of mistyping a web address and landing on a page set up for scareware.

Ransomware vs. scareware

Although ransomware and scareware have similar names, they have different approaches and effects on victims. Ransomware locks down computers or entire systems and demands that the affected parties pay specified amounts to fix the problem.

Statistics show a 1,885% rise in ransomware attacks over five years. That staggering figure emphasizes that this type of cyberattack is extremely prevalent.

However, paying the ransom only sometimes fixes the problem. People might get some or all of the data back, but their payments could be fruitless. Moreover, paying the ransom is only part of the associated costs. A 2023 Sophos report showed the mean recovery cost was $1.82 million, excluding ransom expenses.

Bottom line: Guarding against scareware

Scareware makes people act by capitalizing on fear, overwhelm, and urgency. It affects mobile devices as well as computers, and the theme is typically that the targeted individual has a device issue requiring immediate attention.

People can avoid scareware by keeping their antivirus tools, operating systems, and software updated. Using bookmarked pages when relevant instead of typing in URLs can also prevent them from unwittingly landing on scareware pages.

One of the most effective ways to protect yourself and your network from scareware and other malware is to use reliable antivirus software. To help sort through the options, we reviewed the best antivirus tools available.

You should also make sure you are running effective firewall software.

The post What Is Scareware? Definition, Examples, & Prevention appeared first on Enterprise Networking Planet.
