Take the Scare Out of Scareware
Cyber criminals are as smart as they are wicked, and they've discovered yet another way to fool innocent people. Fake alerts and popup messages called scareware are showing up on computers and mobile devices around the globe.
Scareware is a particularly underhanded form of malware that causes fraudulent warning messages to pop up on your screen. These messages tell you something is wrong, or something bad is about to happen, and that you must immediately take a specific action to make it stop. Other names for this virus include "fraudware" and "rogue scanner software." But no matter what you call it, those phony messages can be terrifying.
What Scareware Looks Like
Scareware messages come in all shapes and sizes. Some messages display alarming security warnings demanding immediate action, while some present more innocent-looking messages that simply prompt you to click "OK" to dismiss.
- An unfamiliar message that tells you your computer is infected, and you must download certain software in order to remove the infection
- A privacy violation warning with a large button prompting you to return to a safe website
- A popup alert that says your credit rating has been jeopardized, and you need to pay for a service to restore it
- A message that pops up and covers the page on your mobile device browser with text such as "Cannot open page" — yet when you click the "OK" button, the popup reappears, making your browser unusable
Sometimes the popups look harmless. In many cases, though, the popup appears to be a serious warning with an urgent message telling you to pay for software or a service to solve the bogus problem. The price tag for the solution is usually a small one, which makes the scam even more believable.
When scareware works, it scares you into following the message prompts and paying for the software or service that promises to clear the error. In the best-case scenario, you've paid for a worthless service. In the worst case, however, you've downloaded more malicious software to your computer, or you've provided your credit card information to criminals.
Scareware is so common, most of us will run into it at some point. The first thing you need to remember is this: Don't panic and remain skeptical.
How to Defend Yourself
No matter how legitimate the warning popup may seem, question anything that asks you to download, install, or pay for anything. Then follow these important steps:
Step 1: Close the browser.
The first thing you should always do when you see a suspicious alert on your computer is to close the entire browser window without clicking anything on the popup.
If the popup is preventing this, instead open your task manager (Ctrl + Alt + Delete on PC, and Command + Option + Escape on Mac) and shut down your browser from there. If this still doesn't work, shut off your computer. When you start your computer again, don't open your browser until you've completed the next two steps.
If the problem is happening on a mobile device, and the popup is preventing you from closing the infected website, follow the manufacturer's instructions for clearing the cache.
Step 2: Run a virus scan.
Once you've closed your browser completely, run a virus scan on your computer using your installed security software.
Step 3: Make sure your operating system is up to date.
Run any pending system updates, then reboot your computer afterward if it doesn't reboot automatically. When you start your browser, decline any prompts that ask you if you want to reopen the tabs you were using before. If the popup returns, clearing the recent history and cache from your browser may eliminate the remnants of the scareware.
An Ounce of Prevention
The best way to avoid malware altogether is to make sure you have installed genuine antivirus and anti-spyware software. However, even paid security software will fail you if you don't keep it updated. Either set it up to run updates automatically, or schedule a time each week to run those updates manually.
In addition to installing security software, be aware of these three things:
- Never open file attachments from someone you don't know.
- Be skeptical of all online offers, particularly those appearing in unsecured (non-https) webpages. If you're concerned a site may be downloading malware to your computer, press ALT-F4 on PC or Command-W on Mac to immediately close the window.
- It is always safest to read emails in plain text instead of HTML.
Cyber criminals may always be trying to fool us, but with a bit of vigilance on our part, we can stay one step ahead of them.
QUICK TIP: Question any warning message that asks you to download, install, or pay for something.