What is scareware, and how can you remove it?

What is scareware?

Scareware is a form of malware that uses frightening tactics to lure you into purchasing and installing malicious software. It usually appears as an aggressive pop-up or a banner that displays a fake virus scan stating that you have viruses or your system is in grave danger. Then, it prompts you to buy and install some dodgy antivirus program to immediately "solve" this problem.

How does scareware work?

Scareware is usually as predictable as a bad horror movie plot. It will show you random red and flashy pop-ups about dangerous files on your computer, inviting you to download "antivirus software" and remove them. These ads will mimic logos of legitimate antivirus programs to increase your odds of clicking on them. The attackers may even set up an animation of a progress bar, indicating that your device is being "scanned."

Threat actors will use every social engineering and phishing tactic to provoke feelings of panic and fear and make you click on buttons that trick you into buying fake antivirus or malicious software.

Of course, these bogus programs only make things worse. Enter your credit card details into their system or somewhere else after launching the program – done, hackers have your banking information. This malware might track your actions, gather your data, and give it to cybercriminals. It could also zombify your computer and use it to spread malware to people who trust you.

How to identify scareware

Experienced online surfers recognize scareware pretty easily. However, cybercriminals consistently improve their techniques to make it look increasingly convincing. Some scareware even has a designated customer support number. Of course, the hackers will probably advise you to delete your existing security software or update the fake antivirus and then charge you for the upgrade or their help. Below are some of the common characteristics of scareware:

• Annoying, aggressive pop-ups or notifications. They’re usually difficult to close and might take you to a malicious website or even download malware onto your device if you click on them.
• Deceptively familiar names. The suggested programs usually have names you have never heard of but are similar to legitimate applications. Examples include Total Secure, XP Antivirus, Registry Cleaner XP, and Security Toolkit. The fake software might even look like real antivirus software after downloading it.
• Performance problems. Your system may behave strangely after downloading the malware. Your computer may slow down, the number of pop-ups you see increase, and additional unfamiliar programs may appear.
• The downloaded program is very difficult to remove. If you try to quit the installation process, it does not allow you to do so easily and presents pop-ups, returns you to the same window, and crashes your browser or the whole system. If you do install it, it may take nothing short of a system wipe to get rid of it.

Keep in mind that genuine antivirus software will never scan your system out of the blue and display the result in the form of an online pop-up or a banner before you’ve even installed it.

Real-life examples of scareware

While scareware usually targets individual users who aren’t savvy about cybersecurity, corporations aren’t immune to this type of annoying virus either. In 2010, the Minneapolis Star Tribune website got hit with pop-up ads claiming users' devices were infected. These ads redirected users to malicious sites promoting a $49.95 software as the "only way to get rid of a detected virus." Over several months, the attackers pocketed $250,000.

Scareware attacks don’t always come from a hacker hiding in a basement. They can also come from the friendly tech support at your local store. We can look no further than the tech support scam by Office Depot and Support.com Inc. They ran fake PC diagnostics checks and charged customers for fixing non-existent issues. Thankfully, after seven years of scamming customers, they were caught and had to pay $35 million in settlements.

How to remove scareware

If you get hoodwinked, you should react immediately. First, disconnect your device from the internet so the malware doesn’t send your data to the attackers. Then restart it in safe mode to stop the malware from loading. Use a reputable antivirus software to run a thorough system scan and get rid of the scareware. If your system continues to have issues related to this type of malware, contact a professional IT expert. They’ll know what to do.

As soon as the malware is out of your computer system, take care of your accounts to prevent hackers from getting even more of your private data. Perhaps most importantly, change your password to the email accounts linked to your social media and other important online services. Also, don’t forget to change all your bank account passwords if you suspect that your credit card information has been compromised.

How to prevent and protect yourself from scareware

To avoid being affected by scareware, do the following:

• Never click on malware notifications. If your computer notifies you about a system infection and suggests downloading a software solution – don’t. It’s likely a scam.
• Use official sources to download software. Do not click on suspicious banners or pop-ups suggesting programs. Only download software from official, trusted websites. Never open links from sources you don’t trust.
• Act quickly. If an unexpected download starts or a malicious redirect occurs after you attempt to close a pop-up, close your browser immediately. If it freezes, force quit it. Then, remove files that were downloaded or installed and scan your system.
• Get antivirus software. A trusty antivirus will alert you about viruses in your computer system and will come in handy to remove those infections.
• Update your browser. The up-to-date version will more likely have better security against known vulnerabilities.
• Use a package of cybersecurity tools. Get an ad blocker to block annoying pop-ups and ads, and set up a firewall. Make sure the tools are secure and don’t collect your data.
• Use a VPN. NordVPN, for example, offers an advanced feature, Threat Protection Pro, that scans files for malware during download and blocks malicious sites and potentially harmful ads.