What is Scareware?

Bart Lenaerts-Bergmans - September 30, 2022

Scareware Definition

Scareware is a type of malware attack that claims to have detected a virus or other issue on a device and directs the user to download or buy malicious software to resolve the problem. Generally speaking, scareware is the gateway to a more intricate cyberattack and not an attack in and of itself.

Scareware is often part of a multi-prong attack which incorporates social engineering techniques and spoofing to heighten the sense of urgency and drive the desired behavior. Scareware attacks, like many forms of malware attacks, are especially troublesome in that the scammer may gain access to the user’s account information or credit card details, which can put the user at risk of identity theft or other forms of fraud.

Scareware vs Ransomware

Scareware commonly falls into the category of a ransomware attack in that the cybercriminals’ end goal is to have the user download ransomware software. Ransomware is a type of malware that denies access to a user’s system and personal information, and demands a payment (ransom) to regain access.

That said, while some types of scareware lead to ransomware attacks, others are more of a nuisance. For example, these attacks may simply flood the screen with pop-up alerts without actually damaging files.

2024 CrowdStrike Global Threat Report

The 2024 Global Threat Report unveils an alarming rise in covert activity and a cyber threat landscape dominated by stealth. Data theft, cloud breaches, and malware-free attacks are on the rise. Read about how adversaries continue to adapt despite advancements in detection technology.

Download Now

How to Recognize Scareware Attacks

Scareware attacks often begin with a pop up ad that appears to be from a legitimate security software provider or the computer’s operating system. If clicked, the scareware ad will direct the user to an infected website where they are given additional instructions to solve their so-called problem. This may include installing a new tool or program, running a computer scan, entering log-in credentials for more information or uploading their credit card information to continue the recovery process. This will often result in the user inadvertently and unknowingly downloading malicious programs, such as malware, ransomware, spyware, a virus or a Trojan onto their device.

Scareware attacks may also be conducted via email. In this type of attack, cybercriminals, also usually disguised as a fake antivirus software program, send a high-priority or urgent email that requests immediate action by the user. Clicking links within the email, which are often presented as ways to resolve the threat or scan the system, result in the user downloading and installing infected files, malicious code or malicious programs.

Learn More

Think you could spot a fake email? Read this post to test your knowledge: How to Spot a Phishing Email

Scareware Examples

W-2 Scareware Scam

In 2017 we saw one of the most dangerous email scareware scams in a long time. A fake email from a targeted organization’s executives was sent to someone in the human resources or payroll departments requesting a list of all employees and their W-2 forms. Shortly after the W-2 request is sent, a follow-up email from the same “executive,” and with the same urgency (since the need for rapid resolution is a key component of scareware), asks that a wire transfer be made to a particular account. The two back-to-back requests result in the loss of both the valuable data contained in the W-2 forms, and thousands of dollars transferred into the hands of criminal hackers.

Covid-19 Tech Support Scams

During the Covid-19 pandemic, the increase in office workers transitioning to remote work fueled a rise in tech support scams throughout the United States. These technical support scams use various delivery methods including phone calls, pop-up warnings or redirects; targeting individuals who may not be adept at or self-sufficient in remote computing.

Suspected Attack? Scareware Removal Tips

If you suspect that you are the victim of a scareware attack, it is important to act quickly and decisively to contain the problem. Follow these steps:

  1. Disable WiFi or internet access from the affected device and disconnect it from any network.
  2. If you are using a company-owned device, immediately contact your IT team for further instructions.
  3. Otherwise, launch a full security scan using a reputable antivirus software provider to look for infected files and known threats, such as malware, ransomware, spyware, viruses and Trojans.
  4. Restart the device in safe mode and run the sweep again.
  5. If the scan reveals signs of infection, take it to a licensed and reputable computer specialist. Do not use the computer or mobile device or allow it to connect to a network, even if it appears to be operating normally.

In the event of a scareware attack, users should also take extra steps to safeguard against potentially compromised information. This may include:

  • Changing passwords or other long-in credentials
  • Performing a scan on other personal devices to ensure they were not inadvertently compromised
  • Requesting new credit cards from your bank or financial institution
  • Periodically checking your credit report to ensure you were not the victim of fraud or identity theft

Protect yourself from Scareware

The best way to prevent a scareware attack as an individual user is through prevention. By recognizing the signs of a scareware scam, it is possible to avoid these cyber threats.

It is important to keep in mind that reputable antivirus software programs typically do not notify customers of a security incident via pop up ad—and none will require the user to share log-in credentials or credit card information within a pop up window.

Many of the tips offered to avoid scareware scams are similar to the best practices used to prevent malware and spoofing attacks:

  • Never click links or download files from pop up ads or unfamiliar email senders.
  • Install a pop up blocker and spam filter which will detect many threats and even stop scareware pop up ads and infected emails from reaching your device.
  • Invest in cybersecurity software from a reputable antivirus vendor and ensure all installations are up to date.
  • Log into your account through a new browser tab or official app—not a link from a scareware alert, email or text message.
  • Only access URLs that begin with HTTPS.
  • Never share personal information, such as account numbers, passwords or credit card details, via phone, email or unsecured site.
  • Enable two-way authentication whenever possible, which makes it far more difficult for attackers and scareware scammers to exploit.

Expert Tip

Password Managers are great for remembering passwords, but they can also add an extra layer of security! Using a password manager will automatically enter a saved password into a recognized site (but not a spoofed site).

CrowdStrike Scareware Solution

For any business, protecting against scareware attacks will be similar to protecting against malware, ransomware and other cybersecurity threats. These attack techniques are constantly evolving, making protection a challenge for many organizations.

Hackers are constantly looking for new holes and backdoors to exploit using these innovative attack techniques. So rather than attempting to detect known malware iterations, Falcon looks for indicators of attack (IOAs) to stop ransomware before it can execute and inflict damage. The CrowdStrike Falcon® platform uses AI-powered machine learning to defend against both known and unknown threats.


Bart is Senior Product Marketing Manager of Threat Intelligence at CrowdStrike and holds +20 years of experience in threat monitoring, detection and intelligence. After starting his career as a network security operations analyst at a Belgian financial organization, Bart moved to the US East Coast to join multiple cybersecurity companies including 3Com/Tippingpoint, RSA Security, Symantec, McAfee, Venafi and FireEye-Mandiant, holding both product management, as well as product marketing roles.