What is Scareware and Why is it Dangerous?

October 31, 2019 Eric Dosal

These days, there are countless cyber threats that individuals and organizations alike have to keep an eye out for. Many people are familiar with the “usual suspects,” like computer viruses/malware, phishing attacks, and ransomware.

However, there are many cyber attack strategies that most people aren’t aware of. Because people aren’t knowledgeable about these cyber threats, they may be vulnerable to them. One such cyber threat is scareware.

What is scareware? Why do hackers use scareware tactics? How is it used against people online? Here’s a quick definition of scareware and how cybercriminals use it to target individuals and businesses.

A Quick Scareware Definition

A simple scareware definition is that it’s a kind of social attack that uses fear tactics to scare a target into taking a particular action. The specific action will vary depending on the type of scareware attack being carried out.

For example, some scareware attacks try to trick recipients into surrendering their user account login information. Others try to trick victims into clicking on malware links using fake virus alert popups.

Scareware is sometimes referred to as rogue malware when it poses as security software alerts.

How Does Scareware Benefit Cybercriminals?

So, why do cybercriminals use scareware tactics? What do they get out of it? The motives behind using scareware vary, but one of the primary reasons cybercriminals use scareware is that it’s a convenient way for them to sneak other malware onto their target’s device.

By scaring the target into clicking on a malicious link, the attacker can get other forms of malware onto the victim’s network or steal the user’s account credentials—enabling other malware-based cyberattack strategies. In other words, scareware is often a means to an end, not the end itself.

Another reason that an attacker might use scareware is to trick the target into buying a bogus antivirus solution—thus giving up credit card information that the attacker can use to commit fraud.

Scareware Examples to Learn From

One of the first things that people need to do to protect themselves against scareware and other cyber threats is to learn to recognize these threats when they see them. Knowing what scareware attacks look like can help employees to avoid them and take appropriate measures to minimize risk.

To help improve awareness and recognition, here are a few scareware examples to learn from:

  • Scareware Emails. This is a social attack tactic where the attacker sends an “urgent” email demanding immediate action from the recipient. In many cases, the email will use a spoofed sender address or email domain to look like it’s coming from a legitimate source. The scareware email might demand that the recipient click on a download link to get antivirus software to purge a specific threat, or share their access information to let “tech support” troubleshoot a problem.
  • Scareware Website Popups. This is one of the more common forms of scareware—one that can often be found on websites that are heavily promoted on social media channels like Facebook. Here, an ad pop-up poses as an antivirus program alert, attempting to trick the user into thinking that there’s malware on their computer or smartphone. The goal is to get the user to click on a link in the ad to download a “solution” to the problem. The problem is that the link is a Trojan horse—instead of an antivirus, it’s loaded with a malware program that will cause damage. Many of these pop-ups are persistent, and don’t have an easy way to close them outside of hitting CTRL-ALT-DEL and shutting down the process in Task Manager (and even that isn’t always enough).
  • Scareware Tech Support Calls. It’s a bit of a stretch to call this “scareware,” since malicious software isn’t involved in this social attack strategy. But, it does rely on scaring the target into giving up sensitive information or giving the attacker access to sensitive systems, so it’s important to recognize attacks like this. Here, the attacker calls their target while posing as a tech support agent (or law enforcement), claiming that “suspicious activity has been traced to your computer.” From there, the attacker attempts to convince their target to give them access to their computer or user account remotely. Once the target has been duped, the attacker uses their newfound access to commit further fraud.

How Can You Resist Scareware Attacks?

The first thing to remember to stop scareware from working is to always be skeptical of emails, pop-ups, and sudden phone calls claiming that there’s “suspicious activity” or malware on your computer. Taking a moment to investigate the claim and verify the identity of the sender can often easily reveal a fraudulent message.
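For email, part of that verification can be read straight from the message headers. The following is an added example, not part of the original article: it parses a constructed sample message and reports the sender-related warning signs described above. The sample message, its placeholder domains, and the list of alarm phrases are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
From: "IT Support" <support@example.com>
Reply-To: helpdesk@example.net
Return-Path: <bounce@mailer.example.org>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.org; dkim=none; dmarc=fail header.from=example.com
Subject: URGENT: virus detected on your computer

Immediate action required. Download the antivirus tool now.
"""

# Illustrative phrase list (an assumption); tune it to your own mail flow.
URGENCY = re.compile(r"\b(urgent|immediate(ly)?|virus detected|act now)\b", re.I)

def domain(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def sender_red_flags(raw):
    """List reasons to distrust the claimed sender of a raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    from_dom = domain(msg["From"])
    # A mismatch is a prompt to look closer, not proof: legitimate bulk
    # mail often uses a different Return-Path domain for bounce handling.
    for hdr in ("Reply-To", "Return-Path"):
        d = domain(msg[hdr])
        if d and d != from_dom:
            flags.append(f"{hdr} domain {d} differs from From domain {from_dom}")
    # Authentication-Results is stamped by the receiving mail server.
    auth = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            flags.append(f"{mech}={m.group(1)}")
    if URGENCY.search(f"{msg['Subject'] or ''} {msg.get_payload()}"):
        flags.append("urgent or alarm wording")
    return flags

if __name__ == "__main__":
    for flag in sender_red_flags(SAMPLE):
        print("-", flag)
```

Only trust an Authentication-Results header added by your own receiving mail server; one that arrived with the message can be forged like any other header.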

In the case of popup ads posing as malware alerts, be careful to never click on the ad. In many cases, the whole window is a link to actual malware. Instead, open the task manager and end the process. With luck, this can prevent the download of malware.

After any suspected scareware interaction via email or online pop-ups, it’s important to:

  • Isolate the affected device (turning off Wi-Fi, unplugging the Ethernet cable, etc.);
  • Run a full virus scan or turn the device in to the IT/network security team for malware removal; and
  • Restart the device and re-check for malware.

Consumer or commercial-grade antivirus/antimalware programs can also help to prevent scareware attacks from forcing a download of malware or viruses. However, it’s important to check the style and appearance of the antivirus program’s alert messages to avoid being tricked by scareware popup ads that might try to imitate them.

Need help setting up a cybersecurity strategy that can counter scareware and other cyber threats? Reach out to the Compuquip team to get started!
