When we’re scared, we often act irrationally and make decisions we wouldn’t normally make. Cybercriminals know this and don’t hesitate to exploit one of the strongest and most unpleasant emotions – fear – to fulfill their sinister plans. Their tool of choice is scareware.
What Is Scareware?
Scareware (also known as deception software or fraudware) is malicious software that uses social engineering tactics to deceive users. This malware is not technically advanced, so it attempts to scare users into taking actions that seem helpful but are harmful.
Example
It may trick you into downloading and installing a malicious program disguised as legitimate antivirus software.
What makes scareware attacks unique compared to other cyberattacks is that their severity depends almost entirely on how users react to them. A user who recognizes a scareware attack for what it is, remains calm, and takes appropriate steps to contain it is unlikely to suffer any damage.
On the other hand, a user who falls for the attack and does exactly what the attacker wants them to do may be in for a lot of trouble.
How Does Scareware Work?
Most scareware attacks follow a similar pattern. They start with a sudden and urgent pop-up message, warning you about a malware infection.
This message may mimic similar messages displayed by legitimate anti-malware programs, and it may contain flashing images to attract attention. The most invasive scareware attacks make it difficult for users to close the messages they display.
In addition to warnings such as “Your computer is infected!” or “Your data will be encrypted!” scareware pop-up messages contain a link to a solution. The offered way out of this situation can be anything from an antivirus program to remote assistance provided through remote access software like TeamViewer.
However, the suggested solution will not solve the (alleged) issue because there’s no issue to begin with. In fact, it may do the exact opposite – such as infect the target user’s device with extremely dangerous ransomware or give the cybercriminals remote access to sensitive personal information.
In some cases, the provided solution isn’t free, and the goal is to make money by selling you useless software or services.
Scareware vs Ransomware
The line between scareware and ransomware is a bit blurry. For example:
- Virtually all ransomware attacks display a scary ransom message, informing their victims that their data have been encrypted.
- Some scareware attacks are designed to trick users into downloading ransomware disguised as legitimate software.
The biggest difference is that scareware is a social engineering attack that’s not capable of causing damage unless it successfully manipulates the target user into doing something that goes against their best interest.
Ransomware, on the other hand, can render entire clusters of computers useless on its own.
Examples of Scareware
1. NightMare
The first documented example of a scareware attack happened in 1990, and it was a program called NightMare by Patrick Evans. Like many malicious software programs back then, it wasn’t designed to steal money or encrypt data. Its only goal was to scare Amiga users by displaying an image of a skull with blood gushing out of a bullet hole. The screeching sound effect played together with the image is likely responsible for several spilled cups of coffee.
2. Best Western Ad Mishap
Two decades after the original scareware attack, the Minneapolis Star Tribune newspaper began serving ads for Best Western. The ads led to websites infested with fake Windows support pop-ups and messages which attempted to scare users into purchasing antivirus software to clean their computers. The person behind this scareware scheme made between $150,000 and $250,000 before his arrest.
3. Office Depot Scareware Allegation
Because of how profitable fear-based sales tactics can be, legitimate companies have been accused of using scareware to increase their profits. Between 2009 and 2016, Office Depot and California-based Support.com were aggressively pushing their diagnostic and repair services via a free “PC Health Check Program.” The FTC alleged that the services were not needed in many cases, and the two companies eventually agreed to pay $35 million to settle the claim.
How to Prevent Scareware
Now that you know what scareware is and how it works, let’s discuss what you need to do to successfully prevent it. As with other social engineering attacks, scareware prevention is all about responsible user behavior.
These are some of the most important things users should and shouldn’t do to avoid scareware attacks.
1. Avoid shady websites.
Your chance of encountering a scareware attack can go down dramatically if you avoid suspicious websites. Better yet, block malicious websites at the DNS level so that you can’t visit them even by accident.
2. Never click on malware notifications.
Random websites displaying fear-inducing malware notifications should never be trusted because they are guaranteed to be fake.
3. Block ads and pop-ups.
Online ads and pop-up messages are how most scareware attacks start. By blocking them, it becomes less likely for users to be exposed to them.
4. Use an up-to-date web browser.
Scareware creators sometimes exploit web browser bugs to create pop-up messages that are impossible to close. It is much less likely for such bugs to be present in web browsers that are up to date.
5. Install genuine anti-malware software.
Most reliable anti-malware software solutions can block pop-ups and scareware scams, as well as other types of malware.
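To make the DNS-level blocking from step 1 concrete, the following added example (not part of the original article) shows how a filtering resolver decides whether to sinkhole a query. The domain names, the `0.0.0.0` sinkhole answer and the `FORWARD` marker are constructed assumptions for illustration.

```python
# Added illustration: how a DNS-level filter decides whether to answer a query.
# All domain names below are constructed placeholders, not real indicators.

def normalize(name: str) -> str:
    """Lowercase, strip the trailing root dot, and convert Unicode to IDNA form."""
    name = name.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        return name  # leave unparseable names as-is; they simply will not match


def load_blocklist(text: str) -> set[str]:
    """Parse one domain per line; '#' starts a comment; blank lines are ignored."""
    blocked = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            blocked.add(normalize(entry))
    return blocked


def is_blocked(query: str, blocked: set[str]) -> bool:
    """Block a name if it, or any parent domain, is listed.

    Matching is done on whole labels, so listing 'fake-av.example' covers
    'cdn.fake-av.example' but not 'notfake-av.example'.
    """
    labels = normalize(query).split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def resolve(query: str, blocked: set[str]) -> str:
    """Return the sinkhole address for blocked names, else hand off upstream."""
    return "0.0.0.0" if is_blocked(query, blocked) else "FORWARD"


SAMPLE_BLOCKLIST = """
# constructed entries for illustration
fake-av.example
pc-alert.test      # pop-up landing page
"""

if __name__ == "__main__":
    bl = load_blocklist(SAMPLE_BLOCKLIST)
    for q in ["Cdn.Fake-AV.example.", "notfake-av.example", "pc-alert.test", "example"]:
        print(q, "->", resolve(q, bl))
```

Matching on whole labels rather than raw string suffixes is what keeps a blocklist entry from accidentally blocking an unrelated domain that merely ends with the same characters.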
How to Remove Scareware
Scareware removal can be tricky because this type of malware is typically designed to be difficult to remove. However, you can usually use this three-step process to get great results:
1. Uninstall the scareware program.
If you’re lucky, you’ll be able to uninstall the scareware program just like any other application.
Common Scareware Programs
- Antivirus360
- DriveCleaner
- ErrorSafe
- Mac Defender
- PC Protector
- Personal Antivirus
- SpySheriff
- Spylocked
- TheSpyBot
- WinAntivirus
- WinFixer
2. Scan your device using anti-malware software.
More persistent strains of scareware remain present and active even after being uninstalled. By scanning your device using legitimate anti-malware software, you should be able to detect and remove them.
It’s best to boot in safe mode first when scanning Windows and Mac computers. This is because any potential malware will not load in this mode – making it easier to completely remove.
3. Contact an IT specialist.
Once the scareware infection has been contained, you should contact an IT specialist and ask them to verify that the device is safe to use. Until they do so, you shouldn’t trust the device with sensitive data or allow it to connect to the internet.
How Teal Can Help Secure Your Small Business
As a sophisticated provider of managed IT services, Teal can protect your small business against even the most complex cyberattacks (including scareware) by providing 24/7 security monitoring, implementing cutting-edge anti-malware defenses, keeping all your devices and the software that runs on them up to date, and much more.
Contact us today to learn about how we can help you to protect your business from cyber threats.