What is Scareware?
Scareware is a malware tactic that manipulates users into believing they need to download or buy malicious, sometimes useless, software. Most often initiated using a pop-up ad, scareware uses social engineering to take advantage of a user’s fear, coaxing them into installing fake anti-virus software. Scareware goals can vary from selling useless, fake tools to the installation of damaging malware that exposes sensitive data. Scareware has been known to convince users to download ransomware, a form of malware that holds the user’s data hostage in exchange for a payout.
Examples of Scareware
In early 2010, visitors to the Minneapolis Star Tribune website began seeing Best Western ads that were actually part of a malvertising campaign sending users to fraudulent sites and infecting them with malware. In addition to the fake ads, Tribune readers also saw Windows support pop-ups peddling fake anti-virus software for $49.95. In 2018, Latvian national Peteris Sahurovs was arrested for the scareware scheme. By then Sahurovs had made as much as $250,000 from the scheme.
In March 2019, Office Depot and its tech support vendor, Support.com, agreed to pay the FTC a $35 million settlement after allegedly deceiving customers into downloading a free “PC Health Check Program.” Said health check program was used to sell diagnostic and repair services customers often did not need. In this example, scareware is being used to drive sales and not to install malicious software. It is worth stating that if the customers had actually required the services, this would not be considered scareware.
One of the best ways to protect against scareware is to stick with known, tested and up-to-date software products. Another is to resist the click reflex. If you receive a warning about a new virus or an invite to download free software, it is almost certainly a scam. If it seems suspicious, it is.
From a network point of view, you should use pop-up blockers and URL filters. This will help prevent fake anti-virus messages from reaching users. Web security tools, firewalls and user protection will also help to stop attackers in their tracks. Your user policy should also clarify to users how important it is that they do not click on anything suspicious and report any unrecognized activity to the IT department.
Scareware Removal and Recovery
While scareware alerts are fake and clicking them should be avoided, you should not ignore them altogether. Their very existence is a signal that your computer is infected, though the alerts could also be coming from the site or property you are using.
To remove scareware, you will likely need to seek out a third-party solution. Do your research, see if others are experiencing similar issues or symptoms, and learn what they used to solve the problem. The goal is to remove any signs of a virus and immediately re-install any anti-virus software that the virus bypassed or disabled. Finally, ensure your computer and software are up to date with all current patches and protective measures.