Scareware is a type of cyberattack that involves hackers scaring people into downloading malware by clicking on malicious links or visiting infected websites. For example, many hackers use scareware to scam users into thinking that their devices are infected and make them buy scam software for protection. In most cases, hackers initiate their scareware attacks by displaying fear-inducing messages as pop-ups on the users’ screens, with text that tells them that they are under attack or have been infected with malware and need to act now. In reality, the scam software that users download from these pop-ups is malware that is programmed to steal the user’s personal data.
Hackers also distribute scareware via spam email and notifications, which appear on your screen from nowhere and in large quantities, offering you software and services from rogue security companies. So if you suddenly start receiving emails or see banners on your screen telling you that your device has malware on it and offering you software to remove it, then you are most likely the target of a scareware attack.
Examples of real-world scareware attacks
- In 2010, The Minneapolis Star Tribune newspaper unknowingly began placing scareware pop-ups on its website as Best Western Hotels ads, which redirected visitors to fake websites that infected their devices with malware.
- In 2019, Office Depot and Support.com paid a settlement of $35 million because they admitted to knowingly offering a fake antivirus program to their customers by sending them messages that their devices were in danger. They used scareware to steal valuable information from the victims and sell it to other companies.