Scareware is used to exploit a user’s fear or caution regarding online hazards, to scare and manipulate a person into clicking on a malicious link, or into downloading malicious software. The malicious software is then used to launch a cyber-attack. In short, it literally means to make use of online methods to scare or scam a person into performing an action that will make themselves vulnerable to a cyber-attack.
Scareware is a means to an end. It is the action taken after one encounter scareware that will determine the outcome.
How do scareware scams work?
Apart from getting people to click on malicious links, Scareware can also be used to entice a user into entering personal information, or login details, and in this way steal this information. One of the ways in which this is done is by selling the user useless software and in doing so, obtain the user’s credit card information. This type of software is referred to as rogue software.
The software could also contain malicious software like Trojan Malware, that can be used to compromise your device further. If this happens, one did not only provide the credit card details, but in doing so also installed malware that will lead to further cyber-attacks.
The Scareware Software will typically display a pop-up on the screen of the device. This pop-up will contain a message that will generally warn of a threat like a virus, or a problem on the device that required immediate attention and then offer a solution to solve the reported issue.
Scareware that warns of a virus threat, or viruses found is one of the most common types of scareware.
Where do Scareware Attacks most commonly originate?
Online Browsing
Scareware is most commonly encountered while browsing online. During a session on a website, a pop-up appears, warning of problems encountered and offer a solution. A tell-tale sign is that these are usually in the form of an aggressive pop-up or a banner.
Email is a commonly used delivery system to deliver various forms of malware. Scareware can be delivered in the same way. The malicious link can then either be in the body of the email, or in an attachment.
Characteristics of Scareware
Although the developers of scareware regularly change tactics, in attempts to disguise the scareware, the following are some of the commonly known characteristics. Not all scareware contains these however, because of the wide variety, but these are things to be especially vigilant against.
- The accompanying message is unusually frightful.
- It contains a link to follow, or action to be taken.
- It prompts the user to act with the utmost urgency.
- The name of the software company supposedly issuing the warning is not familiar.
- It will often claim to have scanned the device in an unusually short time.
- The pop-ups are often unusually difficult to close.
Tips on how to avoid scareware
Resist the urge to click.
Do not click unfamiliar pop-ups, especially if it presents with a dire message that urge you to click. Close it immediately. Some scareware is designed to be difficult to close, or to trick you into accidentally follow the link, or starting a download. It is better to close the browser rather than only the pop-up.
Install security software
Ensure that you have legitimate Anti-Virus and Anti-Malware software installed. By installing software from known and trusted security software providers like Norton or McAfee, you can be protected against multiple online threats.
Know your security software
If you familiarize yourself with the security software on your device, you will be better equipped to recognize an unfamiliar pop-up that is not related to your security software. Be especially wary of pop-ups that contain company names that you do not recognize.
Keep your browser updated
Your web browser is your window to the Web. Through this window attacks can also be launched against you, if security flaws in your browser are exploited. Always keep your browser updated, as browsers often include features that offer some protection against the latest threats. An example of such a feature is Google’s Safe Search feature.
Keep pop-up blockers turned on
Pop-up blockers can prevent annoying Pop-ups and can also help to prevent scareware pop ups from being displayed.
Pop-ups can be set under most browser settings.
To go the Pop-Up setting in Chrome:
- Open Chrome.
- At the top right, click “Settings”.
- Under “Privacy and security,” click Site settings.
- Click “Pop-ups and redirects”.