What is Scareware?

Scareware is malicious software that tricks users into thinking their computer is infected with a virus or facing some serious problem. It displays alarming pop-up messages, often claiming to offer (unnecessary) security solutions. The goal is to scare people into taking actions that benefit the scammers, such as buying fake antivirus programs or revealing valuable personal information.

The tactic is often part of a wider cyber-attack that incorporates spoofing and social engineering techniques to increase the sense of urgency. Scareware preys on fear and exploits the user’s lack of knowledge about computer security to deceive them and drive them towards the hacker’s desired outcome.

How to recognise scareware

Scareware often appears as intrusive pop-up windows on computers and mobile devices. These messages use fear and urgency to deceive users, claiming the device is infected or that personal information is at risk – which “scares” and pressures the victim into taking immediate action.

Real security alerts typically come from reputable antivirus software or operating systems, and are displayed within the program’s interface or system notifications. They provide detailed information about the issue and offer calm solutions without demanding immediate purchases or downloads.

Scareware notifications may sometimes mimic the appearance of real security notifications. However, there are some common ways to spot the difference. Some red flags to look out for include:

  • Exaggerated language
  • Alarming warnings
  • Aggressive urgency
  • Exclamation marks
  • Incorrect use of names
  • Misspellings

Difference between scareware and ransomware

Scareware and ransomware are both types of malicious software, but they have different objectives and behaviours.

  • Scareware

Scareware tricks users into purchasing unnecessary software or divulging personal information. Its goal is to exploit fear and lack of knowledge to generate profit through fraudulent means. However, scareware itself is usually only part of a cyber-attack. Like phishing techniques, if the user takes no action from it, then it usually has no adverse effect.

  • Ransomware

Ransomware, on the other hand, is a type of malware that encrypts files on a victim’s computer or network, rendering them inaccessible. It then demands a ransom payment in exchange for the decryption key. Ransomware is actively designed to extort money from individuals, businesses, or organisations by effectively holding their data hostage.

Learn more in our Ransomware Guide.

Famous scareware attacks

  • “WinFixer” scareware attack: WinFixer, also known as ErrorSafe, was a notorious scareware program that emerged in the mid-2000s. It disguised itself as a legitimate Windows system tool and displayed pop-ups claiming to detect critical errors on the user’s computer. Users were prompted to purchase the full version of the software to fix the reported issues. However, the program was ineffective and only aimed to extort money from unsuspecting victims.
  • “MacDefender” scareware: MacDefender targeted Apple Mac users in 2011 and was one of the first notable scareware attacks on the macOS platform. It used SEO poisoning techniques to manipulate search engine results, leading users to malicious websites where MacDefender automatically downloaded and installed itself. The scareware then displayed fraudulent virus alerts, urging users to purchase a fake antivirus software package to remove the non-existent threats. Apple later responded by releasing security updates to combat MacDefender and its variants.

  • “Cryxos” malware: The Cryxos scareware campaign emerged during the COVID pandemic in 2020, targeting Windows users. The attack took advantage of the heightened anxiety and remote working conditions of the pandemic to deceive and exploit unsuspecting victims. It displayed alarming pop-ups, falsely claiming severe security threats related to the pandemic. Exploiting these fears, Cryxos urged users to purchase fake security software to address these non-existent threats.

How to get rid of scareware

If you suspect there is scareware on your device, you should remove it immediately.

  1. Delete the file. Start by deleting the original download file. You can usually find this in your Downloads folder.
  2. Run a scan on your antivirus software. Reputable antivirus programmes will help flush out any hidden files and thoroughly remove any traces of the scareware.
  3. Uninstall any suspicious or unfamiliar programmes. Go to your Control Panel (or ‘Applications’ on Mac) to find anything unusual.
  4. Update. Check to make sure you’re running the latest versions of your operating system and applications. If not, install any available updates immediately, as these may include security patches for known vulnerabilities.
  5. Clear your browser cache and cookies. You may also have to reset your browser settings if the scareware has altered them.

How to prevent scareware

Prevention is better than cure, and the best way to fight scareware attacks is to avoid them in the first place. Here are some steps to help protect yourself and your business:

  1. Keep your operating system and applications up to date. Regularly update your operating system, web browsers, and other software with the latest security patches. You should also enable automatic updates to ensure you’re protected against emerging threats.
  2. Enable pop-up blockers. Scareware attacks often use pop-ups to deliver their message, so configuring your web browser to block pop-up windows can save a lot of time and.
  3. Exercise caution while browsing. Be cautious about clicking on pop-up ads or suspicious links on any email or website. If you’re unsure, close the browser manually via your system’s Task Manager – don’t use the ‘Close’ or ‘X’ button on the pop-up.
  4. Be wary of alarming messages. If you receive with exaggerated warnings or urgent demands for immediate action, stay calm. Breathe and think carefully. Avoid clicking on any links until you’ve verified the claims.
  5. Backup your data regularly. You should regularly backup your important files and data to an external device or secure cloud storage. This is good practice and can help restore your files if you do accidentally click the wrong thing.
  6. Educate yourself and your employees. Training plays a crucial role in raising awareness and equipping your employees to correctly identify and respond to potential cyber threats. Phishing Tackle’s security awareness training provides comprehensive material that will educate your staff on all types of cyber-attacks – including scareware – to help build your defences and protect your business.