Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

What is scareware?

What is scareware?

Scareware is a social engineering scam that preys on fear to trick people into downloading malware, losing money, or giving away personal data.

 

Understanding scareware

Scareware typically starts with a deceptive message, often as a pop-up window, spoofed text, or phishing email. The hallmark of scareware is its use of scare tactics, such as threats of computer viruses or legal action, to pressure victims into taking immediate action.

These deceptive messages often appear legitimate, using the logos of well-known companies or disguising themselves as system notifications or antivirus program reports. 

 

Types of scareware scams

Fake virus scams

One of the most common tactics employed by cybercriminals is the use of fake virus scams. These scams typically involve pop-up messages that warn users about malware infections on their devices. These pop-ups often mimic the appearance of antivirus software scan reports, making them appear convincing to unsuspecting users. The scammers then direct users to download fake security software, which not only steals their money but may also install additional malware on their devices.

 

Fake tech support

Another popular scareware scam involves scammers posing as tech support personnel from reputable companies like Apple or Microsoft. These scams often begin with a pop-up message instructing the victim to call a phone number for assistance. In some cases, scammers may even cold call their victims. Once the scammer establishes contact, they employ various tactics to trick the user into uninstalling genuine security software and granting remote access to their device. From this point, the scammer can either steal sensitive data from the victim or install malware. 

Tech support scammers sometimes charge victims for fraudulent services, as in the 2019 Office Depot scandal. Employees of Office Depot were found to be running fake scans on customers' computers and using the results to sell unnecessary repair services. This scandal resulted in significant financial penalties for Office Depot and its partner, Support.com.

 

Malvertising

Malvertising is a scam where hackers hijack ads on platforms like Facebook and Google, using them to spread viruses and malware. In the context of scareware, users may encounter an advertisement on a webpage offering free antivirus software. 

 

Law enforcement scams

In law enforcement scams, cybercriminals masquerade as police officers or FBI agents to intimidate and deceive their victims. This scam typically involves a pop-up informing the victim that illegal material has been found on their device. To resolve the supposed issue, the scammers demand payment, promising to make the problem disappear. Sometimes, these pop-ups even lock the victim's screen until the payment is made, adding additional pressure to comply.

Read more: How to guard against scareware

 

How scareware operates

When users follow the instructions provided by scareware messages, several outcomes are possible:

 

Data theft

In some cases, victims are led to scam websites where they enter their credit card information to purchase fake security software. This software is nonexistent, and scammers use this opportunity to steal the victim's data, potentially leading to identity theft.

 

Worthless software

Scareware may also trick users into paying for entirely useless software, except for possibly slowing down their devices. 

 

Malicious software

Scareware can serve as a trojan horse, delivering malicious software like spyware, which secretly collects personal data without the victim's knowledge.

See also: HIPAA Compliant Email: The Definitive Guide 

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.