Sage Advice - Cybersecurity Blog

Cyberattacks 101: Scareware as Malware

Malicious behavior using new malware variants is on the rise. Cybercriminals continue to expand and improve attack methods, uncover new vulnerabilities, and develop fresh exploits. Unfortunately, these evolving techniques work because they often get through traditional defenses undetected. With proper knowledge, awareness, and cautious browsing, you can help defend against these attacks and keep both your data and your organization’s data secure.

Let’s take a deeper dive into scareware malware and what it could mean for you.

What is scareware?

On a basic level, scareware is a type of malware that uses fear-based distribution tactics to trick victims into thinking that they need to interact with the malware.

First, the hacker tries to convince the victim they’re in trouble or danger and then offers them a solution. An all-too-common example of scareware is receiving a popup in your browser that says something like, “We’ve detected viruses on your computer! Click here for help.”

Essentially, the hacker will use any fear-based tactic they can to convince you to click on a link. Once the victim clicks on the message, they are typically taken to a page that tries to sell them a piece of software. In the example here, the user would probably be coerced into downloading anti-malware software to supposedly protect themselves.

What are the objectives of scareware?

A few things could happen after the victim purchases and downloads the software that will allegedly solve their predicament. The best-case scenario is that the software does nothing and ends up being completely useless. The hacker just pockets the money spent on an unnecessary tool.

The worst-case scenario – and something that we’ve seen more and more of – is that the software is actively malicious. Some scareware will lock up a device and outright demand a ransom. For example, the hacker may demand $20 and threaten to report you to the authorities if they don’t get paid. Or even worse, they could request a much higher amount and threaten to destroy the machine and the files on it if the victim doesn’t pay up.

Other types of scare-based tactics use this same method to trick users into sharing personal information such as credit card numbers and Social Security numbers, so they can steal them. For example, the hackers will trick people into believing that if they don’t enter their credit card number, the card will be canceled.

Hackers will also try to scare users into visiting a compromised website by serving up a popup ad that says, “Click here or your phone service will be canceled in 24 hours.” Cybercriminals that administer scareware will try to leverage anything to scare users into giving them information for their own financial gain.

Finally, some scareware groups will just use the above scenarios to get their foot in the door so they can carry out a more malicious cyberattack. If the user engages with the scareware – whatever form that may be – they could download malicious software that could be used to perpetrate a ransomware attack or put a Trojan on the machine.

How does scareware spread?

Scareware spreads not only through visits to compromised websites and downloads of malicious software, but through phishing emails, too. Hackers will send an email that is meant to scare the user and trick them into clicking on a malicious link, thus infecting the user’s computer with the malware.

Outside of malicious downloads and phishing, another big scareware spreader is what’s known as malvertising. Malicious advertising, or malvertising, entices a user to click on what they believe to be a clean website, but really takes them to a compromised website. Along those same lines, browser popups are a classic (and still extremely popular) source of scareware malware. The typical rundown of the popup method is as follows:

  1. A popup will appear in the browser, which is how the scareware will first present itself to the victim. The most common version of this is in the form of a security alert. For example, “There are viruses on your machine! Click here to mitigate it!”
  2. A lot of these popups will include 'clickjacking', where clicking on the popup in any capacity, including the cancel or X out button, will still allow it to operate. Wherever the popup gets clicked, it’s still going to download the malware or demand personal information.
  3. Some popups will freeze the victim’s screen until they engage with it, refusing to allow them to click away to other tabs or close the browser.

How can you avoid scareware?

Let’s look at what you can do to avoid scareware.

  1. At a basic level, it’s always best to try to avoid suspicious or unknown websites. If you are going to click a link, hover your cursor over it for a second to see where it’s actually taking you so you can keep to safe websites. (Remember the rule: forward slash, two dots back.)
  2. Do not engage with strange popups or suspicious and/or uncomfortable ads. You should also go into your browser settings and disable popups to prevent the scareware from ever presenting itself to you.
  3. If you do find yourself in a situation where a strange popup has appeared and you are not able to close that tab, instead of just giving up and engaging with it, consider using Task Manager to shut down the application.
  4. If you’ve accidentally engaged with a malicious ad, consider disconnecting your Wi-Fi connection so you are no longer connected to the malicious website.
  5. Ensure your antivirus and antimalware software is installed and up to date.

All of these steps can help you avoid scareware and respond if you think you’re about to be the victim of a scareware attack.
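
The link check from step 1, written out as an added example that is not part of the original post. It reads “forward slash, two dots back” as: stop at the first single forward slash after https://, then keep the last two dot-separated names to its left. That reading, the function names, and the sample links are assumptions made here.

```javascript
// Added example (not from the original post). All URLs are constructed samples;
// .example names and 203.0.113.0/24 are reserved for documentation.

// The rule as read here: stop at the first single "/" after "https://",
// then keep the last two dot-separated labels to its left.
// Limitation: two labels is wrong for suffixes such as "co.uk" (three are needed).
function twoDotsBack(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

function inspectLink(rawUrl, expectedDomain) {
  const url = new URL(rawUrl);           // throws on strings that are not URLs
  const host = url.hostname;             // excludes userinfo, port, path
  const warnings = [];
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");
  const domain = isIp ? host : twoDotsBack(host);

  if (url.username || url.password) {
    warnings.push("text before '@' is a login field, not the destination");
  }
  if (isIp) warnings.push("destination is a raw IP address");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    warnings.push("punycode label; displayed name may imitate another");
  }
  if (domain !== expectedDomain.toLowerCase()) {
    warnings.push(`goes to ${domain}, not ${expectedDomain}`);
    const rest = (url.username + host + url.pathname).toLowerCase();
    if (rest.includes(expectedDomain.toLowerCase())) {
      warnings.push("expected name appears only as decoration");
    }
  }
  return { domain, warnings };
}

const samples = [
  ["https://www.example.com/account/login", "example.com"],
  ["https://example.com.security-alert.example/scan", "example.com"],
  ["https://example.com@203.0.113.5/fix", "example.com"],
  ["https://updates.example/example.com/renew", "example.com"],
];
for (const [link, expected] of samples) {
  const { domain, warnings } = inspectLink(link, expected);
  console.log(link, "->", domain, warnings.length ? warnings : "ok");
}
```

Only the first sample actually goes to example.com; the other three place that name in a subdomain, before an @ sign, or in the path.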
