Social Engineering: What is Scareware?


Table of Contents

Share this article:

Scareware is a social engineering technique that aims to scare the victim into believing they have a virus on their device and should buy or download specific software. As many social engineering techniques. It’s based on human emotions, as it is used to scare someone and trick them into downloading malware.

Mailfence - Get your free, secure email today.

4.1 based on 177 user reviews

Mailfence - Get your free, secure email today.

4.1 based on 177 user reviews

What is Scareware?

If you ever saw a pop-up on your screen saying something like “Warning! Virus Alert!” or “Warning! 5 Virus Detected!”, that’s scareware in action. The idea of scareware is to convince the user through fear that their device is infected with a virus (or several) and that they should take immediate action and download or purchase the malicious software.

Scareware, which is a combination of the words “scare” and “software” plays on human emotions and reactions.

However, unlike baiting, which promises to reward the user, scareware looks to build anxiety and fear to manipulate the user. Also, unlike smishing, which uses SMS, scareware works across devices and on both desktop and mobile.

Examples of Scareware

  • In 2009, Mac users began receiving scareware to purchase or download fake antivirus software such as Mac Security and MacDefender. This scam was later tied to the Russian online payment system ChronoPay.
  • In 2010, a Best Western ad was used to redirect visitors of the Minneapolis Tribune website to fraudulent websites, which infected their devices with malicious software.
  • A scareware campaign from 2009 to 2016 targeted OfficeMax and Office Depot customers to convince them to buy a repair service following a fake PC Health Check “warned” them that their devices were infected with a virus. Because of this, Office Depot had to pay $35 million to the Federal Trade Commission (FTC) for deliberately tricking its customers.

How to Spot Scareware?

Scareware typically comes in the form of a pop-up that is made to look like it comes from a software company, and it has five common red flags:

  • It comes from a software company you’ve never heard of.
  • Somehow, the software has already scanned your device and detected all these viruses.
  • Good luck closing the pop-up window, as the closing button (x) is either well-hidden or hovering the mouse close to it will open a new pop-up over the previous.
  • You “have” to act fast! There’s usually a big red button (sometimes flashing, just in case you’ve missed it somehow) that will tell you to “download now!”
  • The pop-up headline will always be something like “Warning!” or “Virus Detected!”

How to Avoid Scareware?

Knowing how to spot scareware is the first step in avoiding it. Here are some additional tips:

1. Do Not React Immediately to the Pop-Up

The attackers are trying to play on your emotions and are using scare tactics to manipulate you into making a hasty decision. They’ll also do in another social engineering attack, called whaling. Do not react immediately. Instead, take a deep breath and slow down.

2. Think Rationally

Read between the lines. There is much more to the “warning” that pops up on your screen than meets the eye.

For instance, have you ever heard of this particular software security before? Know that legitimate companies, like Norton, Kaspersky, and others will never, NEVER do something like this.

Also, how is it possible that they already scanned your device and detected those viruses if you never interacted with them or their software in the first place?

Usually, you have to download the antivirus software on your device and tell it to scan for malicious software. Even then, a virus scan can take anywhere from a few minutes (for a quick scan) up to several hours, sometimes (for a full scan).

Don’t click on a button or a link just because it says “click me!”. If you are unfamiliar with this company or the URL looks suspicious, it will likely lead you to a malicious website or download infected software on your device.

4. Don’t Close the Notification, Close the Tab or the Browser instead

Lots of scareware pop-ups use a fake Close or X button that clicking on will actually download malware on your device instead of closing it. This is called Clickjacking.

To avoid this, close the tab with the pop-up or even the entire browser instead.

5. Use Firewalls, Pop-Up Blockers and URL Filters

Use these three to stop pop-ups from appearing on your screen and facilitate this social engineering attack.

6. Use Only Legitimate Security Software

Again, legitimate security software companies will never send you pop-ups like these, even more so if you are not their user.

Use trusted antivirus software to regularly scan and remove viruses from your device instead of believing that a random pop-up magically detected a virus (or 50) on it.

Learn more on how to protect your computer effectively.

How to Remove Scareware?

If you skipped all of the above and still downloaded the scareware, don’t worry, you can remove it.

First of all, how can you tell if you have scareware on your computer?

  • Your device starts to run much slower than normal
  • Unwanted pop-ups and ads start appearing on your screen
  • You can’t install a legitimate security software

Having a legitimate third-party antivirus tool is crucial to remove scareware from your device. Indeed, it can detect and clean up the infection that the scareware caused in the first place.

Once your device is free of actual viruses and malware (and not the fake ones that the scareware told you about), you can eradicate the offending program from your device.

On Windows PC:

  1. Open the Control Panel.
  2. Select Programs.
  3. Find the scareware application and right-click on it. Common ones include Mac Defender and PC Clean Pro. Sometimes they’ll even use knock-off names of legitimate tools like MS Antivirus (copies the name of Microsoft Antivirus).
  4. Select Uninstall.

On Mac:

  1. Go to the Finder window.
  2. Open Applications.
  3. Find the scareware program and either right-click on the icon and select Move to Bin or drag and drop the icon to the bin.
  4. Right-click on the bin icon and select Empty Bin.

Final Thoughts

Like many other social engineering attacks, scareware is also trying to manipulate you into making a panicked and urgent action. We’ve gathered the most efficient tips to avoid social engineering. Educating yourself is the key to recognize those techniques. That’s why we’ve created a security and privacy awareness course.

Always trust only legitimate security programs and companies, like Mailfence, which supports end-to-end encryption and 2FA. Know how to protect your computer and protect your data from hackers. As emails are the perfect gateway for hackers, registering with a secure and private email provider is the first step to regain the security and privacy you deserve.

Reclaim your email privacy.
Create your free and secure email today.
Picture of M Salman Nadeem

M Salman Nadeem

Salman works as an Information Security Analyst for Mailfence. His areas of interest include cryptography, security architecture and design, access control, and operations security. You can follow him on LinkedIn @mohammadsalmannadeem.

Recommended for you