Does anybody like pop-ups? Unlikely. That's why pop-up blockers are so popular. And as if pop-up ads and pop-up windows weren’t annoying enough, now scammers are using scareware pop-ups to trick users more determinedly than ever.
Scareware scams aren’t new. But they are, like a number of other cybersecurity threats, increasing with the rise in remote work. Employees working outside company firewalls were easy targets for hackers. One study found that “more than one in four organizations detected malvertising or scareware attempts during the first half of 2021.” Because so many people are affected by it, we wanted to take a closer look.
What is Scareware?
Scareware, a malware tactic, encompasses different types of malware, including ransomware, and spear phishing. Whatever form it takes, it tricks people into downloading — or even buying — security or antivirus software that's hiding malware. Scammers know anyone who’s dealt with a computer virus wants to avoid it at all costs. They throw a pop-up security alert into a user’s browser window. The user reacts (clicks the ad), and instead of legitimate antivirus software they get fake antivirus software.
The malicious software may be bloatware — a hassle, but not dangerous. On the other hand, the fake antivirus program may actually be a form of malware that leads to credit card information and identity theft. Even a small amount of personal data can help cybercriminals launch a credential stuffing attack.
Scareware Programs in the News
Data breaches via social engineering were one of the top cybersecurity threats businesses faced in 2021 — 5,258, up from 3,950 in the 2020 report. These breaches often start with social engineering tactics such as spear phishing.
One of the more prevalent examples of scareware is Cryxos. In Q1 2020, the Cryxos trojan was third on a top-five encrypted malware list as well as third on the top-five most widespread malware detections list.
This malware trojan comes to computer users in a couple of forms. One is as an email attachment disguised as an invoice. Recipients enter an email address and password to access the fake invoice, and the fraudster stores the credential combination. Credentials in the wrong hands makes a variety of cyberattacks possible.
Another Cryxos tactic is a notification on a user’s screen warning about a virus infection blocking their browser and stealing personal info. Cybercriminals may lay the groundwork for the attack by infecting a real site or creating a fake malicious one.
In each of these the goal of the cyberattack is the same: stealing credentials.
Scareware Removal and Prevention
Your best bet for removing scareware is a trusted antivirus program you’ve verified as legitimate. Your IT team or the software manufacturer’s tech support department can walk you through the process if you have questions (or just want backup).
You can manually remove scareware, too, by uninstalling it. For a Microsoft Windows operating system, follow the normal Uninstall process through the Programs Control Panel. On a Mac, use the Finder window to pinpoint the program in Applications, drag it to the Trash, and empty the Trash.
But what about avoiding scareware? It relies on human error, so be skeptical and don’t trust without verifying. If a pop-up appears on your screen, especially one with lots of exclamation points and warnings, close your browser, not just the window. And, as mentioned above, a reliable antivirus program provides a degree of security against cyber threats.
Cyber Shield, a built-in DNS filtering feature of OpenVPN Cloud, can help, too. It gives administrators the power to filter and block attacks by monitoring, detecting, and stopping users from accessing harmful content. It also encrypts DNS traffic, securely tunneling it to OpenVPN DNS servers or your private DNS servers.