
Scareware Attack: What It Is & How to Protect Against It


When we’re scared, we often act irrationally and make decisions we wouldn’t normally make. Cybercriminals know this, and they don’t hesitate to exploit one of the strongest and most unpleasant emotions, fear, to fulfill their sinister plans. Their tool of choice is scareware, malicious software that relies on social engineering tactics to compensate for its lack of technical sophistication.

What is Scareware?

Scareware, also referred to as deception software or fraudware, is a type of malware that uses social engineering techniques to scare users in order to manipulate them into doing something that’s supposedly helpful but actually harmful, such as installing malicious software disguised as a legitimate antivirus program.

What makes scareware attacks unique compared with most other cyber attacks is that their severity depends almost entirely on how users react to them. A user that recognizes a scareware attack for what it is, remains calm, and takes appropriate steps to contain it is unlikely to suffer any damage whatsoever. On the other hand, a user that falls for the attack and does exactly what the attacker wants them to do may be in for a lot of trouble.

How Does It Work?

Most scareware attacks follow a similar pattern. They start with a sudden and urgent pop-up message, warning the target user about a malware infection. The message may mimic similar messages displayed by legitimate anti-malware programs, and it may contain flashing images to attract attention. The most invasive scareware attacks make it difficult for users to close the messages they display.

In addition to warnings such as “Your computer is infected!” or “Your data will be encrypted!” scareware pop-up messages contain a link to a solution. The solution can be anything from an antivirus program to remote assistance provided via remote access software like TeamViewer.

Of course, the suggested solution will not solve the alleged issue because there’s no issue to begin with—but it may do the exact opposite, such as infect the target user’s device with extremely dangerous ransomware or give cybercriminals remote access to sensitive personal information. In some cases, the provided solution isn’t free, and the goal is to make money by selling useless software or services.

Scareware vs Ransomware

The line between scareware and ransomware can be blurry:

Virtually all ransomware attacks display a scary ransom message, informing their victims that their data have been encrypted.

Some scareware attacks are designed to trick users into downloading ransomware disguised as legitimate software.

The biggest difference is that scareware is a social engineering attack that’s not capable of causing damage unless it successfully manipulates the target user into doing something that’s against their best interest. On the other hand, ransomware can render entire clusters of computers useless on its own.

Scareware Examples

The first documented example of a scareware attack happened in 1990, and it was a program called NightMare by Patrick Evans. Like many malicious software programs back then, it wasn’t designed to steal money or encrypt data. Its only goal was to scare Amiga users by displaying an image of a skull with blood gushing out of a bullet hole. The screeching sound effect played together with the image is likely responsible for several spilled cups of coffee.

Two decades after the original scareware attack, the Minneapolis Star Tribune newspaper began serving ads for Best Western. The ads led to websites infested with fake Windows support pop-ups and messages which attempted to scare users into purchasing antivirus software to clean their computers. The person behind this scareware scheme made between $150,000 and $250,000 before his arrest.

Because of how profitable fear-based sales tactics can be, even some legitimate companies have been accused of using scareware to increase their profits. Between 2009 and 2016, Office Depot and California-based Support.com were aggressively pushing their diagnostic and repair services via a free “PC Health Check Program.” The FTC alleged that the services were not needed in many cases, and the two companies eventually agreed to pay $35 million to settle the claim.

How to Prevent and Remove Scareware?

Now that you know what scareware is and how it works, let’s discuss what you need to do to successfully prevent and, in the worst case, remove it.

Scareware Attack Prevention

As with other social engineering attacks, scareware prevention is all about responsible user behavior. Here are some of the most important things users should and shouldn't do to avoid scareware attacks:

Avoid shady websites.

Your chance of encountering a scareware attack can go down dramatically if you avoid shady websites. Better yet, block malicious websites at the DNS level so that you can't visit them even by accident.

Never click on malware notifications.

Random websites displaying scary malware notifications should never be trusted because they are guaranteed to be fake.

Block ads and pop-ups.

Online ads and pop-up messages are how most scareware attacks start. By blocking them, it becomes much less likely for users to be exposed to them.

Use an up-to-date web browser.

Scareware creators sometimes exploit web browser bugs to create pop-up messages that are impossible to close. Such bugs are much less likely to be present in up-to-date web browsers.

Install genuine anti-malware software.

Most reliable anti-malware software solutions can block pop-ups and scareware scams, as well as other types of malware.

Scareware Removal

Scareware removal can be tricky because this type of malware is usually designed to be difficult to remove. However, the following three-step process can usually deliver great results:

Uninstall the scareware program.

If you're lucky, then you'll be able to uninstall the scareware program just like any other application. Examples of commonly encountered scareware programs include Antivirus360, DriveCleaner, ErrorSafe, Mac Defender, PC Protector, Personal Antivirus, SpySheriff, Spylocked, TheSpyBot, WinAntivirus, WinFixer, and others.

Scan your device using anti-malware software.

More persistent strains of scareware remain present and active even after being uninstalled. By scanning your device using legitimate anti-malware software, you should be able to detect and remove them. When scanning Windows and Mac computers, it's best to boot in safe mode first because any potential malware will not load in this mode, making it easier to completely remove.

Contact an IT specialist.

Once the scareware infection has been contained, you should contact an IT specialist and ask them to verify that the device is safe to use. Until they do so, you shouldn't trust the device with sensitive data or allow it to connect to the internet.
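
The first removal step depends on spotting the scareware among the installed applications. As an added example (not part of the original article), this Python script compares installed program names against the names listed above; the function names, the sample inventory and the loose substring match are assumptions made here, and the registry reader only runs on Windows.

```python
import re
import sys

# Program names taken from the article's list of commonly encountered scareware.
KNOWN_SCAREWARE = ["Antivirus360", "DriveCleaner", "ErrorSafe", "Mac Defender",
                   "PC Protector", "Personal Antivirus", "SpySheriff", "Spylocked",
                   "TheSpyBot", "WinAntivirus", "WinFixer"]

def normalize(name):
    """Lower-case and keep only letters and digits, so 'Anti-Virus' == 'antivirus'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def find_scareware(installed_names):
    """Return (installed name, matched list entry) pairs; review hits by hand."""
    known = {normalize(k): k for k in KNOWN_SCAREWARE}
    hits = []
    for installed in installed_names:
        flat = normalize(installed)
        match = next((k for n, k in known.items() if n in flat), None)
        if match:
            hits.append((installed, match))
    return hits

def installed_programs_windows():
    """Collect DisplayName values from the Windows uninstall registry keys."""
    import winreg  # standard library, available on Windows only
    names = []
    paths = (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
             r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall")
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        for path in paths:
            try:
                with winreg.OpenKey(hive, path) as root:
                    for i in range(winreg.QueryInfoKey(root)[0]):
                        try:
                            with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                                names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
                        except OSError:
                            pass  # entry without a DisplayName value
            except OSError:
                continue  # key not present in this hive
    return names

# Constructed sample inventory (not taken from a real machine).
SAMPLE = ["Mozilla Firefox", "WinFixer 2005", "Spybot - Search & Destroy",
          "Personal Anti-Virus", "MAC Defender"]

if __name__ == "__main__":
    names = installed_programs_windows() if sys.platform == "win32" else SAMPLE
    for installed, known in find_scareware(names):
        print(f"review and uninstall: {installed!r} (matches {known!r})")
```

A name match only tells you which entry to look at; scareware that hides from the installed-programs list is covered by the scan in the second step.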

How TechGen Can Help!

As a provider of managed IT services, TechGen can protect your business against scareware attacks by providing 24/7 security monitoring, implementing cutting-edge anti-malware defenses, keeping all of your devices and the software that runs on them up to date, and much more.  

Contact us today to learn about how we can help you to protect your business from scareware and other cyber threats.
