What Is Scareware?


Imagine you’re browsing the web when you unexpectedly get a warning that your machine has been infected with several viruses! The message appears to be genuine, and it claims that the threats can be removed by using their antivirus programme. In fact, following it merely permits the installation of useless or malicious software on your computer. This is only one of the scareware scenarios that users have come across over time.

But what exactly is scareware? What’s more, why is it something that all internet users should be aware of?

What Is Scareware?

Scareware refers to phishing scams and bogus software programmes used by cybercriminals to instil fear and panic in their victims. They do this to manipulate users into making unreasonable split-second decisions, such as:

To force their targets to act, scareware scammers use social engineering techniques and language that generate a sense of urgency in their targets. But how do they find their prey? They sometimes rely on pop-ups that appear to be antivirus warnings. The messages can take over part (or all) of the target’s screen in some cases.

Scareware messages are often related to bogus antivirus software and tech support scams. They deceive people into believing that their devices (computers, tablets, and cell phones) are infected with malware.

But, in today’s world, how big of a problem is scareware? Although scareware has declined as ransomware has grown in popularity, the FBI’s Internet Crime Complaint Center (IC3) estimates that computer support fraud is on the rise, with 13,633 complaints and losses totaling more than $54 million in 2019. In the same year, the IC3 records $2,009,119 in damages directly related to “Malware/Scareware/Virus.” For many people, this also equates to a lot of anxiety.

What Does Scareware Do?

At best, the app does nothing and “just” costs you the money you paid for it. However, the app often causes harm by installing malicious software that:

  • takes control of your computer,
  • spies on you,
  • causes data theft, or
  • results in additional financial losses.

Some scareware lets the user download the app. Other variants download without the user’s permission or awareness. But why do scammers do this in the first place? The scareware can be used to achieve any of the following goals:

  • To convince people to purchase non-functional rogue apps.
  • To convince people to install the app, which is infected with malware.
  • To commit more financial fraud or identity theft-related crimes by stealing the victim’s payment card number, bank account details (which they used to buy the software), or personally identifiable information (PII).

Let’s look at a few scareware examples to help address the question “what is scareware?”

How Does Scareware Appear?

When scareware is installed on a computer, it remains inactive for a period of time before analysing the user’s activities. It then begins to show users fake malware-threat pop-ups that appear to come from Windows/iOS or their current antivirus programme.

The pop-ups can include a “clickjacking” feature. If a user clicks the “cancel,” “close,” or “X” buttons to close the scareware window, they will be redirected to an infected website or malware will be downloaded automatically.
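A defensive check for the deceptive close buttons described above, as an added example that is not from the original article: it parses pop-up markup and flags controls labelled “X”, “Close” or “Cancel” whose action is a download or a navigation. The label list, the extension list and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

DISMISS_LABELS = {"x", "\u00d7", "close", "cancel", "no thanks"}  # assumed label list
RISKY_EXTENSIONS = (".exe", ".msi", ".dmg", ".apk", ".scr")       # assumed extension list

# Constructed sample pop-up markup (hypothetical hosts under the reserved .example TLD).
SAMPLE_POPUP = """
<div class="alert"><p>WARNING: 5 viruses found!</p>
  <a href="https://cdn.scareware.example/FixNow.exe" download>X</a>
  <button onclick="window.location='https://scan.scareware.example/'">Cancel</button>
  <button onclick="this.closest('.alert').remove()">Close</button>
  <a href="/help">Help</a></div>
"""

class DismissControlAuditor(HTMLParser):
    """Flags links/buttons labelled like 'close' that navigate or download instead."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.findings, self._open = page_host, [], None
    def handle_starttag(self, tag, attrs):
        if tag in ("a", "button"):
            self._open = (tag, dict(attrs), [])   # start collecting the visible label
    def handle_data(self, data):
        if self._open:
            self._open[2].append(data)
    def handle_endtag(self, tag):
        if not self._open or tag != self._open[0]:
            return
        _, attrs, parts = self._open
        self._open = None
        label = "".join(parts).strip().lower()
        if label not in DISMISS_LABELS:
            return                                 # not presented as a dismiss control
        target = urlparse(attrs.get("href") or "")
        onclick = attrs.get("onclick") or ""
        checks = [("download" in attrs, "forces a download"),
                  (target.path.lower().endswith(RISKY_EXTENSIONS), "links to an executable"),
                  (bool(target.netloc) and target.netloc != self.page_host, "navigates off-site"),
                  ("location" in onclick or "window.open" in onclick, "script navigation")]
        reasons = [why for hit, why in checks if hit]
        if reasons:
            self.findings.append((label, reasons))

def audit_popup(html, page_host):
    """Return (label, reasons) for every deceptive dismiss control in the markup."""
    auditor = DismissControlAuditor(page_host)
    auditor.feed(html)
    return auditor.findings
```

Calling `audit_popup(SAMPLE_POPUP, "news.example")` reports the “X” link and the “Cancel” button, while the “Close” button that only removes the alert is not flagged.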

Scareware of various kinds may also:

  • Make adjustments to the device’s internal settings.
  • Change the wallpaper on your desktop.
  • Make the device sluggish or redirect users to malware-infected websites as soon as they open the browser.

When users detect some of these changes, they become worried and suspect their machines have been compromised, so they follow the instructions in the pop-up window to try and address the issue.

However, as we previously said, scareware could also be found on third-party platforms such as websites or smartphone applications. That means you could see a scareware pop-up when you visit a website that tries to persuade you to download a scareware app to your smartphone. The advertising could be a tiny dormant banner or it could take up the entire screen, preventing you from accessing the website’s content.

Scareware Examples

Although the scareware programs’ goal is the same (i.e., to scare users in order to defraud them or get them to download malicious software), each scareware program is made differently. This is the list of all scareware examples: smithtechres.com/fake-antivirus-and-antispyware.html

Some past popular scareware examples of fake antivirus and anti-malware solutions include:

  • SpySheriff
  • XPAntivirus/AntivirusXP
  • ErrorSafe
  • Antivirus360
  • Antivirus2009
  • PC Protector
  • Mac Defender
  • DriveCleaner
  • WinFixer
  • WinAntivirus
  • Spyware Protect 2019

Scareware Examples That Have Made Major Headlines

Cybercriminals and legitimate companies have both used scareware to trick consumers and buyers into installing or purchasing apps they don’t need. Consider the following examples:

Support.com and Office Depot Commit a Decade-Long Technical Support Scam

Although you might expect cybercriminals to use devious tactics, you wouldn’t necessarily expect the same from a legitimate business like Office Depot. According to the Federal Trade Commission, Office Depot and tech service firm Support.com, Inc. were forced to pay a total of $35 million in 2019 settlements with the FTC. The settlement was intended to compensate customers for fraudulent services they received over the course of nearly a decade.

According to BleepingComputer, the company required its employees to run a rigged PC diagnostics check known as PC Health Check, which allowed them to sell “unnecessary tech repair services.” Furthermore, workers were required to meet “regular targets for PC repair services.” If users indicated any of the following, the alerts would be activated:

Hacker Carries Out Scareware Attacks Using the Minneapolis Star Tribune Website

According to the US Department of Justice, Latvian national Peteris Sahurovs pleaded guilty to being a part of a scareware hacking scheme that ran between May 2009 and June 2011. Part of that time was spent providing technical support for the scheme, which targeted visitors to the website of the Minneapolis Star Tribune. For his years of involvement in the scheme, Sahurovs confessed to earning upwards of $250,000 (US dollars).

As the DOJ reports:

“According to admissions made in connection with his plea, from at least May 2009 to June 2011, Sahurovs operated a “bullet-proof” web hosting service in Latvia, through which he leased server space to customers seeking to carry out criminal schemes without being identified or taken offline.  The defendant admitted that he knew his customers were using his servers to perpetrate criminal schemes, including the transmission of malware, fake anti-virus software, spam, and botnets to unwitting victims, and he received notices from Internet governance entities (such as Spamhaus) that his servers were hosting the malicious activity.  Nonetheless, Sahurovs admitted he took steps to protect the criminal schemes from being discovered or disrupted and hosted them on his servers for financial gain.”

ChronoPay Is Linked to a Large-Scale Scareware Campaign

ChronoPay, a company headquartered in the Netherlands that was once hailed as Russia’s largest online payment processor, has been linked to a number of scareware schemes. This includes scareware aimed at Apple users, such as MacSecurity and MacDefender.

According to a study by Brian Krebs of Krebs on Security, ChronoPay was a major player in the overall fake antivirus and scareware business. ChronoPay not only managed payments for a range of well-known and contentious scareware and bogus antivirus firms, but they also paid for their support and hosting. According to Krebs, who claims to have seen leaked ChronoPay documents, the documents reveal that ChronoPay owned several of these scareware companies and paid for their domain names and other operations.

ChronoPay used the following businesses and domains:

  • Martindale Enterprises Ltd.,
  • Shield-EC,
  • Trafficconverter.biz,
  • Pandora Software and its tech support company Innovagest2000,
  • Yioliant Holdings,
  • Flytech Classic Distribution Ltd.,
  • Creativity-soft.com, and
  • Software-retail.com.

How Does Scareware Work?

Do you have any idea how a scareware scam works? Essentially, it means using social engineering methods to convince people to download or purchase apps. The app may be harmless, but in some situations it can also be outright malicious. In any case, the aim is to evoke fear and a sense of urgency in order to convince victims to pay the scammer or install software.

Here are some of the most popular scareware attack and malware delivery methods used by scareware operators (hackers):

  • Pop-ups: As we’ve already stated, cybercriminals often use pop-up notifications and warnings to spread scareware.
  • Malvertising: This term refers to deceptive advertisements. In the case of scareware, hackers use third-party ad distributors (with or without their knowledge) to display fake or malicious advertising on websites. Cybercriminals have used malvertising to spread different forms of malware, including scareware, which showed fake antivirus ads on well-known websites and apps.
  • Downloads/Installations: The hackers entice the victims by offering freebies — such as apps, songs, photos, videos, PDF files of famous books, and so on — and then install scareware malware on their computers. They can also create clones of common apps and software in order to trick users into installing them instead of the originals.
  • Phishing Emails: The intruder sends you a phishing email telling you that your computer has been compromised and offering you rogue antivirus software or tech support. They could even send you emails pretending to be from a corporation or a person you know, with the scareware malware attached. The file appears to be a harmless sales receipt, transaction record, company file, or free media file. When you click on it, however, scareware is installed on your computer.
  • Infected Websites: Attackers build websites that entice users to visit them, and when they do, scareware pop-ups take over the computer.

What Happens to the Scareware Victims?

Let’s see what happens if you’re the victim of a scareware attack.

1. You get a piece of software that is absolutely useless. Okay, while it’s not ideal, it’s not as grim as some of the other situations we’ll explore later. With this sort of scareware, you end up paying for bogus and useless software that doesn’t perform any of the advertised malware detection and removal services.

2. You pay for phoney technical support. You call the number provided, and they provide a fake virus removal service (fake because your PC was never infected in the first place), for which you are charged.

3. Your payment card information is compromised by cybercriminals. When you pay for the bogus antimalware programme or tech support, the hacker steals your credit card number or bank account information. They will use this information in the future to commit financial fraud.

4. Your personally identifiable information (PII) is stolen by cybercriminals. Before purchasing the fake software or service, you may be asked to fill out a form with your PII, such as your name, phone number, physical address, email address, date of birth, and the type of computer you are using. Hackers often gather this information and sell it on the darknet to advertisers or other hackers.

5. Malware is installed on your computer. This case, like the previous one, spells disaster for you. The bogus antivirus software may be a malicious trojan horse in and of itself. After you install it on your computer, cybercriminals will use it to:

  • Use your computer as part of a botnet to carry out other forms of cybercrime.
  • Install spyware that takes screenshots of your activities and threatens to leak your personal details if you don’t pay the ransom money.
  • Take your passwords and other personal information.
  • Install ransomware on your computer, which encrypts your data or locks your device, then demands a ransom to regain access.
  • Spread malware to your other files, apps, programmes, and operating system.
  • Infect other linked IoT devices on your network by spreading the virus through your Wi-Fi.
  • Use your email client to send a phishing email to all of your contacts.
  • Use your social media accounts to send malware-laden attachments to your friends or to request money transfers from your accounts.

How to Protect Yourself Against Scareware

Follow these steps if you encounter scareware.

1. Install Robust Security Software on Your Device

Your first line of protection against scareware is security software (such as antivirus, antimalware, antispyware, firewall, and so on). It runs a real-time scan of your computer, detecting and removing a variety of malware, including scareware. When you try to access a scareware-laden website by mistake or on purpose, good security software blocks the site and its downloads or displays a warning notification.

2. Use Common Sense

You shouldn’t immediately believe a pop-up window, an email, or an ad banner warning you that your computer is infected with viruses. Even if you see signs of malware infection, never download or install any unknown protection software or call a tech-support number based on pop-ups. Instead, download a reputable and trustworthy antivirus programme, such as Comodo Antivirus, and scan your computer with it for free.

3. Close the Window and Quarantine Your Device

To close the window, do not use the “X,” “cancel,” or “close” buttons. Clicking them may start a malware download on its own. Instead, press Ctrl-Alt-Delete to close your tab. If you can’t get rid of a scareware window, turn off Wi-Fi and disconnect all other linked IoT devices from your computer (like your printer, scanner, router, etc.). Then, boot into safe mode and scan the computer with a reputable antivirus programme. If that doesn’t work, you can take your computer to a reputable tech-support centre or a local professional.

4. Wipe Your Device’s Memory

This should be your last resort, and you can use it if your computer is infected with scareware. Use it if the scareware infection has spread to the point that you are unable to open any files or browsers or gain access to anything, and your protection software and tech support professional have failed to fix the issue. By wiping the device’s memory, you will lose all of your device’s saved data and will be unable to recover anything. On the other hand, you will be able to erase all scareware traces and save your computer.

To restore factory settings to your handset, select the phone manufacturer and follow the reset instructions:

  • Motorola
  • Galaxy
  • Samsung
  • Apple
  • Nokia
  • Nexus
  • Sony

Final Words on Scareware

Not everybody is computer-savvy or aware of the numerous cyber threats that exist. However, now that you’ve read this post, you’re aware of what scareware is and that if you see a possible scareware warning, you shouldn’t panic or make a decision based on fear. The best way to combat scareware is to:

Be alert, avoid clicking on or otherwise interacting with unsolicited messages or pop-ups, and use a good antivirus/anti-malware solution.

Share this article with your friends and family so they understand what scareware is and can investigate scareware examples and take rational action if they come across these scam tactics.

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.