What Is Scareware and How to Avoid It?
Quite a few of the people commenting on hacking incidents and data breaches say that the user is the 'weakest link' in the cybersecurity chain, and we are fully aware that some of you may feel offended by this. Ask the experts, however, and they too will tell you that the 'device' behind the keyboard is indeed the part of the system that gets exploited the most.
More often than not, hackers succeed because they are able to trick users into doing something they shouldn't be doing. Usually, the crooks bet on people's lack of understanding when it comes to the inner workings of a computer, and it must be said that this tactic has proven to be rather effective. Sometimes, however, it is not enough.
To increase their chances of success, crooks frequently put users in a scenario that requires immediate action. People are told that if they don't act quickly, their data will be placed under severe threat, and the bad guys are hoping that the urgency of the situation will make users overlook the often glaring discrepancies that can easily expose the attack for what it is. Scareware can serve as a perfect example of how crooks use the fear factor to exploit innocent users' lack of technical knowledge.
What is scareware exactly?
It's difficult to put scareware under a single definition. Some might say that the sextortion emails that we discussed last year can also be classified as scareware, and there's no denying the fact that whoever is responsible for them relied on people being afraid of having some pretty intimate secrets exposed. The "ware" suffix suggests, however, that scareware should involve some sort of software application, so today, we'll focus on other scenarios.
Traditionally, the most common type of scareware involves the so-called fake (or rogue) anti-virus programs. Although there have been cases where fake AV products are advertised through unsolicited emails, usually, they are brought to your attention via browser popups.
Fake AVs are pushed either through shady websites or through legitimate ones that have been compromised by hackers. The popups usually come with lots of exclamation marks, warning signs, and flashing images, and they tell you that your computer is infested with all kinds of nasty malware. To fix the issue, you are urged to download a security product you've never heard of which, the ad says, will get rid of all the threats in no time.
Of course, said security product is neither free nor functional. It will try to convince you that it's working by pretending to scan your hard drive, and it will tell you that it's found a number of malicious files. A couple of clicks later, the app will announce that everything is fixed, which is obviously not the case.
Frequently, the crooks design the fraudulent apps to look like real, reputable anti-malware solutions, and they place logos and "Trusted by…" badges all over them to make them appear legitimate. In reality, even if your computer is riddled with viruses and trojans, the rogue AV app has neither the intention nor the capability of removing them. The purpose of the whole thing is to get you to reach for your credit card and pay a fee for the fake product.
Although the rogue AV apps make up a significant portion of the scareware industry, there are other tactics that also seem to work. The crooks sometimes try to get you to download applications that promise all manner of different functionality. Sometimes, they push completely fake software, and sometimes, they distribute pirated versions of real apps. Occasionally, the malicious programs work as advertised, but they come with extra modules which display notices and warnings that look as if they've been issued by the police or another government agency. They say that some illegal (usually adult) materials have been found on your computer and that you need to pay for breaking the law. If you don't do it, police officers will soon be knocking on your door, and it could all get pretty nasty very quickly. Obviously, none of this is true. The idea is to scare you into paying the fake "fine".
The more aggressive scareware applications of this type might even display full-screen windows in an attempt to convince you that you are locked out of your PC. An expert can get rid of them fairly quickly, but unfortunately, instead of calling one, many victims proceed with the payment because they're too scared of hearing the handcuffs click.
How to stay away from scareware?
It must be said that scareware is way past its heyday now. Rogue AVs, in particular, used to be all the rage in the late 2000s and in the early years of this decade, but they have since been replaced by other, more sophisticated threats. Nevertheless, every now and again, we see a scareware campaign rear its ugly head, which is why it might not be a bad idea to know what you can do to protect yourself.
The security rules that everybody must follow anyway should be enough to stop most scareware attacks. These include using a reputable security product, keeping your operating system and software applications up to date, and taking advantage of the popup-blocking capabilities of your favorite browser.
It also pays to have a general understanding of what is and what isn't possible while you're surfing the web. You need to bear in mind, for example, that a browser popup can't tell if your computer is swarming with malware. It should also be clear that if law enforcement officers have any suspicions regarding the content of your hard drive, they won't be using your desktop to post shady-looking notes which require you to pay the "fine" in cryptocurrency or gift cards.
It all sounds like common sense when you think about it, but it turns out that it's not as common as it should be. Let's hope this will change.