What is scareware?

Scareware is malware that is designed to trick a user into paying money or in­stalling more malware by present­ing an alleged threat. The best way to combat scareware is by being cautious and by employing ap­pro­pri­ate cy­ber­se­cur­ity.

The term ‘scareware’ is made up of the words ‘scare’ and ‘software’. Scareware is malware that tricks the user into believing that there is an acute or imminent danger so that they take certain actions. These can be monetary payments or the in­stall­a­tion of an actual malware program. These kinds of social en­gin­eer­ing tactics are therefore scams that can cause great damage. This is also because scareware is often not easy to recognise as such.

There are many different kinds of scareware. To better un­der­stand what malware looks like, we’ve put together some examples.

Scareware that’s disguised as an antivirus program or system software is par­tic­u­larly wide­spread. This kind of scareware uses logos and names that look le­git­im­ate or imitate real programs. No­ti­fic­a­tions or pop-ups will suggest that the device is infected with viruses. If you click on the scareware, you’ll either be asked to pay for the removal of the invented viruses or download an actual Trojan. This can then turn into a real threat to the system.

In this attack, the screen is locked by a large display. This often contains a police logo or that of another authority. Often, you’ll be told that illegal files have been found on your device and that it is therefore blocked. It’s not unusual for the allegedly found data to be illegal downloads or even child por­no­graphy. To prevent pro­sec­u­tion, you’ll typically be asked to pay a fee. If the alleged fine is remitted, the ad is shut down. However, le­git­im­ate au­thor­it­ies have nothing to do with this process.

The simplest and safest way to identify scareware and other malware and take the best possible action against it is to remain calm. With a little distance and a clear head, malware can in most cases be re­cog­nised at first or at least second glance. A good antivirus program doesn’t create a threat­en­ing backdrop, but instead presents solutions in a calm and serious manner. Capital letters, numerous ex­clam­a­tion marks, and horrific scenarios, as well as an un­real­ist­ic threat posed by several viruses at the same time, are therefore good in­dic­at­ors of a scamming attempt. The same applies to the second example: official au­thor­it­ies don’t com­mu­nic­ate via pop-up messages or your desktop display – but scareware does.

However, more pro­fes­sion­ally-designer scareware may not be as easily dis­tin­guish­able from a le­git­im­ate program at first glance. But even in this case, there are some clues that indicate malware. These include:

• High-frequency alerts: When an antivirus program has detected a threat, it makes itself known and then guides you through the necessary steps. Scareware, on the other hand, often follows up with several pop-ups to make the supposed threat seem even more acute.
• New windows and programs: If you already clicked on scareware, it may install programs or add new windows on its own. If your browser or desktop changes without your in­ter­ven­tion, it could be an in­dic­a­tion that malware is already on your computer, smart­phone, or tablet.
• Reduced capacity: Malware harms your device and as a result often slows it down. So, if you notice that processes suddenly take longer, the screen freezes, or programs crash for no apparent reason, this can be an in­dic­a­tion of scareware.
• No access to certain programs: Moreover, you may not be able to access certain programs anymore. This can also indicate an attack and ab­so­lutely requires immediate coun­ter­meas­ures.

In case of a scareware infection, you’ll ask yourself what coun­ter­meas­ures are most effective. Different malware may also require different ap­proaches, but the following steps are usually promising:

1. First, remove the down­loaded program and all as­so­ci­ated files. On a PC, this can be done via the Control Panel and the ‘Uninstall program’ option. Find the malware in the list and delete it com­pletely. On a Mac, select ‘Programs’ in the Finder and find the scareware. Then, drag it to the Bin and empty it. While this step is important and correct, scareware often infects other areas as well, so a simple deletion process un­for­tu­nately doesn’t always remove all com­pon­ents.
2. Next, try turning off your computer and re­start­ing it in safe mode. In this mode, the computer will only access the most important programs and stop the scareware from working. In Windows, click ‘Restart’ and hold down the Shift key at the same time. After the restart, select ‘Troubleshoot’ and ‘Advanced options’. Here, you will find the item ‘Startup settings’ and press the ‘F5’ key. This will start up your PC in safe mode with network drivers. On Mac, also hold down the Shift key while re­start­ing. After a short time, the login screen will appear.
3. Safe mode means that your computer will only work with the most necessary programs, keeping the scareware at bay, but still allowing you to access the Internet. This means you can download, install, and run a real anti-malware program. This kind of a program will find all the com­pon­ents of the scareware and delete them. If you already have an anti-virus program installed, run it. It’s important that the software fits your device. For Android and iOS there is special software to deliver the best results.

Even if the measures described above are suc­cess­ful, they still don’t prevent your system from getting re­in­fec­ted by scareware. However, there are some ways through which you can prevent similar problems from occurring again. These are the most effective ones:

• Antivirus software: Employ a le­git­im­ate antivirus program to protect your device from any kind of malware. Good software will warn you about possible threats and im­me­di­ately quar­ant­ine already installed malware. At the same time, the program runs in the back­ground and won’t restrict you.
• Ad banners: If possible, try not to click on ad­vert­ising banners. If you non­ethe­less want to, make sure that the provider is a reputable company and verify the source.
• No­ti­fic­a­tions: Remember to never click on pop-ups or banners that suggest that your computer is infected with a virus. Even if the no­ti­fic­a­tion is offering an antivirus software download, it’s probably scareware. Only download programs from trust­worthy sources.
• Browser: Always keep your browser updated. New versions always have the latest security features, meaning that the latest version also offers the best pro­tec­tion. In addition, you can use handy browser tools, such as pop-up blockers, firewalls, or URL filters.
• Pop-ups: To prevent scareware from being down­loaded against your will, it’s re­com­men­ded to not only close the cor­res­pond­ing pop-up, but the entire browser. In Windows, press the [Ctrl] + [Alt] + [Del] keys sim­ul­tan­eously. This way you can open the Task Manager and close all browser windows manually. On Mac, the key com­bin­a­tion is [cmd] + [alt] + [esc].
• Sensitive data: Never pass on sensitive data such as passwords, addresses, or contact details unless you know the source of the request and have checked it carefully. This applies all the more to bank transfers. Never pay supposed fines or take out a paid sub­scrip­tion if you aren’t com­pletely sure that the recipient is trust­worthy.

The most effective pro­tec­tion against any type of ransom­ware is offered by those solutions that don’t just cover one point, but offer com­pre­hens­ive pro­tec­tion. This includes a first-class virus scanner that im­me­di­ately reports and stops sus­pi­cious processes. The process takes place in the back­ground and so doesn’t interfere with what you’re doing. The latest tech­no­logy will also protect you against ransom­ware in the best possible way.

Beyond that, these programs not only focus on scareware and other threats, but also regularly create a backup of your data. So, in case of a suc­cess­ful attack, a problem with the hardware or even an ac­ci­dent­ally deleted file, you will still have quick access to all your data. Even a backup of your entire system is possible. This double pro­tec­tion is the best option to prevent data loss or a suc­cess­ful attack with scareware

Un­for­tu­nately, scareware isn’t the only threat. There are many different kinds of malware that are designed to steal your data or your money. These include:

• Adware: Adware spies on your user behaviour to present you with suitable ads based on the collected in­form­a­tion. This type of malware is annoying, but usually not dangerous. You can often quickly identify adware programs and simply delete them.
• Spyware: Spyware is much more dangerous. This malware collects sensitive in­form­a­tion such as account data, passwords, or other protected data. The in­form­a­tion obtained is then passed on or used directly for blackmail or theft.
• Ransom­ware: Ransom­ware is a type of extortion where a Trojan infects and locks parts of a hard drive. Only by paying a ransom can you regain access to your data. Ransom­ware is often dis­trib­uted via spam emails.
• Crypto­jack­ing: Crypto­jack­ing is a com­par­at­ively new form of online fraud. With the help of malware, the web browser is taken over without your knowledge and crypto­cur­ren­cies are secretly mined at your expense.