What is Scareware? Demystified and Explained

September 13, 2019 by Ali Zafar

Social engineering attacks come in different shapes and sizes. Scareware is just another scheme of a hacker with ill intent to execute a social engineering attack. Scareware is a malware tactic that manipulates user into purchasing and downloading sometimes, useless piece of software.

How is scareware executed?

How do the perpetrators achieve the goal? In some cases they leverage the curious nature of the human being. While in others, they straight up just trick people into believing something that doesn’t exist. Not everyone can comprehend the difference between a real threat versus a fake one.

The attacks are executed on client-side inside the browser. It is a pop-up ad, screaming red alert “your system is infected”, compelling you to purchase and download the stated software to remove the malware. 

The goals behind an execution of a scareware attack may vary. It could potentially mean anything, from selling useless software, to the installation of malware that holds the capabilities to expose sensitive information. Scareware is also notorious for infecting computers with ransomwares. A malware that holds your data hostage until you pay a hefty amount.

Examples of scareware

In 2010, the website viewers of the Minneapolis Star Tribune started seeing Best Western ads that were a part of a malvertising campaign, which was redirecting users to fraudulent websites and infecting them with malware. 

The users noticed pop ups stating that they were infected and had to download a premium software that would cost them $49.95.Needless to say, the crew behind the campaign was arrested and they already had profited with over $250,000 in the bag.

A similar case occurred recently, in March 2019. Office Depot and it’s tech-support vendor company Support.com were fined a whopping amount of $35 million. They were allegedly deceiving customers into downloading a “PC Health Check Program”, the software was used to sell diagnostic and repair services to customer that didn’t need them.

In this scenario the outcome of the scareware is different. It isn’t a piece of malicious software. However, this also means that if the user really requires those services, the piece of software will not be considered a scareware.

Scareware prevention

The best way to tackle scareware attacks is to stick with known and up to date software. The second approach that you can work towards is to develop an anti-click reflex. Do not just go clickety-clacky once you find out there are popups in your browser window trying to get you to download free software.

We all love freebies, especially when the freebie will help you solve a problem. Downloading freebies from an unknown platform, that screams suspicious. If you do not click, there’s a chance that you might not get affected at all. All you have to do is close the browser window and all your problems will vanish just like that.

Scareware as the name states uses fear to manipulate humans into doing what the hacker wants. If you’ve an anti-virus and pop-up blockers and url-filters up and running on your PC, there’s no need for you to worry that you’re infected. It’s a blatant lie, your software is doing its job perfectly.

As mentioned above, anti-viruses, pop-up blockers url filters and are the way to go to prevent and mitigate scareware. Anti-viruses can deal with ransomwares, pop-up blockers will prevent those alerts from popping up in the first place, url filters will also prevent your network connection from landing on those malicious pages.

Scareware removal and recovery methods

Scareware utilizes JavaScript in browsers to bring up pop ups. As stated many times before, Scareware leverages browser and your internet connection to try and manipulate you. If you accidentally land upon a web-page that’s screaming all sorts of errors, do yourself a favor and just close the tab.

In any case, whether  a scareware executes a ransomware attack or just asks you to download a software. You’ll probably experience a lot of ads on your computer system. Which will of course make it slow, unbearable to use. You’ll have to choose a third-party solution. 

Solution 1: A third-party solution to this would be an Antivirus that can search and destroy the remnants of that malware on your system and restore it. The last thing that you can do is, update your operating system along with all your installed software to the current security patches.

Solution 2: Updates patches vulnerabilities which makes it harder for the attacks to succeed. Even though its a lengthy process, it is recommended that everyone should go through it frequently. With the internet speeds of this era, I do not think that it’ll take that much time to download and install the updates.

Conclusion

Scareware are scary and can make your heart skip a beat, if there’s sensitive information on your computer. Sometimes they can be lethal to your data and sometimes they won’t be. However, if you have protection software installed there’s no need for you to worry, you are immune to such attacks.

The implementation of these attacks makes them basic. Anyone with a strong presence of mind won’t fall for them. Needless to say, now you know what steps to take if you’re against a potential scareware malware.

Leave a Comment