May 27, 2021

What is Scareware

Scareware is a type of malware attack that claims to have detected a virus or other issue on a device and directs the user to download or buy malicious software to resolve the problem. Generally speaking, scareware is the gateway to a more intricate cyberattack and not an attack in and of itself.

Scareware attacks often begin with a pop up ad that appears to be from a legitimate security software provider or the computer’s operating system. If clicked, the scareware ad will direct the user to an infected website where they are given additional instructions to solve their so-called problem. This may include installing a new tool or program, running a computer scan, entering log-in credentials for more information or uploading their credit card information to continue the recovery process. This will often result in the user inadvertently and unknowingly downloading malicious programs, such as malware, ransomware, spyware, a virus or a Trojan onto their device.

Scareware attacks may also be conducted via email. In this type of attack, cybercriminals, usually disguised as an antivirus software program, send a high-priority or urgent email that requests immediate action by the user. Clicking links within the email, which are often presented as ways to resolve the threat or scan the system, results in the user downloading and installing infected files, malicious code or malicious programs.

Scareware is often part of a multi-prong attack which incorporates social engineering techniques and spoofing to heighten the sense of urgency and drive the desired behavior. Scareware attacks, like many forms of malware attacks, are especially troublesome in that the scammer may gain access to the user’s account information or credit card details, which can put the user at risk of identity theft or other forms of fraud.

Scareware vs Ransomware

Scareware commonly falls into the category of a ransomware attack in that the cybercriminals’ end goal is to have the user download ransomware software. Ransomware is a type of malware that denies access to a user’s system and personal information, and demands a payment (ransom) to regain access.

That said, while some types of scareware lead to ransomware attacks, others are more of a nuisance. For example, these attacks may simply flood the screen with pop-up alerts without actually damaging files.

What to do in the event of a suspected scareware attack

If you suspect that you are the victim of a scareware attack, it is important to act quickly and decisively to contain the problem. Follow these steps:

  1. Disable WiFi or internet access from the affected device and disconnect it from any network.
  2. If you are using a company-owned device, immediately contact your IT team for further instructions.
  3. Otherwise, launch a full security scan using a reputable antivirus software provider to look for infected files and known threats, such as malware, ransomware, spyware, viruses and Trojans.
  4. Restart the device in safe mode and run the sweep again.
  5. If the scan reveals signs of infection, take it to a licensed and reputable computer specialist. Do not use the computer or mobile device or allow it to connect to a network, even if it appears to be operating normally.

In the event of a scareware attack, users should also take extra steps to safeguard against potentially compromised information. This may include:

  • Changing passwords or other log-in credentials
  • Performing a scan on other personal devices to ensure they were not inadvertently compromised
  • Requesting new credit cards from your bank or financial institution
  • Periodically checking your credit report to ensure you were not the victim of fraud or identity theft

Can scareware be removed?

The best defense against a scareware attack as an individual user is prevention. By recognizing the signs of a scareware scam, it is possible to avoid these cyber threats.

It is important to keep in mind that reputable antivirus software programs typically do not notify customers of a security incident via pop up ad—and none will require the user to share log-in credentials or credit card information within a pop up window.

Many of the tips offered to avoid scareware scams are similar to the best practices used to prevent malware and spoofing attacks:

  • Never click links or download files from pop up ads or unfamiliar email senders.
  • Install a pop up blocker and spam filter which will detect many threats and even stop scareware pop up ads and infected emails from reaching your device.
  • Invest in cybersecurity software from a reputable antivirus vendor and ensure all installations are up to date.
  • Log into your account through a new browser tab or official app—not a link from a scareware alert, email or text message.
  • Only access URLs that begin with HTTPS.
  • Never share personal information, such as account numbers, passwords or credit card details, via phone, email or unsecured site.
  • Use a password manager, which will automatically enter a saved password into a recognized site (but not a spoofed site).
  • Enable two-factor authentication whenever possible, which makes it far more difficult for attackers and scareware scammers to exploit your accounts.
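
The password manager tip above works because autofill is tied to the site a login was saved on, not to how a page looks. The sketch below is an added example, not code from this article or from any vendor's product: `VAULT`, `origin`, `autofill` and the `.test` domains are constructed for illustration, and it assumes strict exact-origin matching over HTTPS, which is stricter than some real password managers.

```python
from urllib.parse import urlsplit

# Constructed vault: each saved login is keyed by the exact origin it was saved on.
VAULT = {
    ("https", "accounts.example-bank.test", 443): ("alice", "constructed-password"),
}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for a URL, or None if it cannot be parsed."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        # .hostname drops any "user@" prefix and the port, and lower-cases the host.
        host = (parts.hostname or "").rstrip(".")
        if scheme not in DEFAULT_PORTS or not host:
            return None
        port = parts.port or DEFAULT_PORTS[scheme]
        # Convert to the ASCII (punycode) form so a look-alike Unicode host
        # compares as the different name it really is.
        host = host.encode("idna").decode("ascii")
    except ValueError:  # malformed URL, bad port, or un-encodable host
        return None
    return (scheme, host, port)


def autofill(page_url, vault=VAULT):
    """Return saved credentials only if the page's origin matches exactly."""
    key = origin(page_url)
    if key is None or key[0] != "https":
        return None  # never fill on plain HTTP or unparseable URLs
    return vault.get(key)


if __name__ == "__main__":
    for url in (
        "https://accounts.example-bank.test/login",                       # genuine
        "https://accounts.example-bank.test.security-alert.test/login",   # real name used as a subdomain
        "https://accounts.example-bank.test@alerts.test/login",           # real name placed before '@'
        "https://accounts.examp1e-bank.test/login",                       # look-alike spelling
        "http://accounts.example-bank.test/login",                        # no HTTPS
    ):
        print("fill" if autofill(url) else "refuse", url)
```

A page reached from a scareware alert can copy the look of a real login form, but its origin differs, so the lookup returns nothing and the missing autofill is itself a warning sign.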

Preventing scareware attacks at the enterprise level

At the enterprise level, protecting against scareware attacks will be similar to protecting against malware, ransomware and other cybersecurity threats. These attack techniques are constantly evolving, making protection a challenge for many organizations. Follow these best practices to help keep your operations secure:

Train all employees on cybersecurity best practices.
Employees are on the front line of your security. Make sure they follow good hygiene practices — such as using strong password protection, connecting only to secure Wi-Fi and being on constant lookout for phishing — on all of their devices.

Keep the operating system and other software patched and up to date.
Hackers are constantly looking for holes and backdoors to exploit. By vigilantly updating your systems, you’ll minimize your exposure to known vulnerabilities.

Use software that can prevent unknown threats.
While traditional antivirus solutions may prevent known scareware and ransomware, they fail at detecting unknown malware threats. The CrowdStrike Falcon® platform provides next-gen antivirus (NGAV) against known and unknown malware using AI-powered machine learning. Rather than attempting to detect known malware iterations, Falcon looks for indicators of attack (IOAs) to stop ransomware before it can execute and inflict damage.

Continuously monitor the environment for malicious activity and IOAs.
CrowdStrike® Falcon Insight™ endpoint detection and response (EDR) continuously monitors endpoints, capturing raw events for automatic detection of malicious activity not identified by prevention methods and providing visibility for proactive threat hunting.

For stealthy, hidden attacks that may not immediately trigger automated alerts, CrowdStrike offers Falcon OverWatch™ managed threat hunting, which comprises an elite team of experienced hunters who proactively search for threats on your behalf 24/7.

Integrate threat intelligence into the security strategy.
Monitor systems in real time and keep up with the latest threat intelligence to detect an attack quickly, understand how best to respond, and prevent it from spreading. CrowdStrike Falcon® Intelligence automates threat analysis and incident investigation to examine all threats and proactively deploy countermeasures within minutes.