Windows Antivirus

What Is Scareware and How Can I Avoid It?

Our digital security team explains what this type of malware is, and how to protect yourself against it.

All of our content is written by humans, not robots. Learn More
By
&
Aliza Vigderman
Gabe TurnerChief Editor
Last Updated May 15, 2024
By Aliza Vigderman & Gabe Turner on May 15, 2024

Pop-ups come in many forms, so commonplace (and painful) that even Grand Theft Auto V satirized them. One form of pop-up you’ll need to contend with as you browse the internet is scareware. As the name suggests, these pop-ups suddenly appear on screen, announcing that certain files (or your entire computer) are compromised, and then offer up fake antivirus programs.

The key here is the false sense of urgency that scareware presents, leading users to quickly click, sending them down deep rabbit holes to dangerous websites and malware that can put their personal digital security at risk.

One of the earliest instances of scareware comes from Canada, where programmer Patrick Evans created a program called NightMare to attack the Amiga computer. With the program installed, a frightening skull flashed across the screen every few minutes. It even had blood and sound effects to add to the chaos.

How to Protect Yourself From Scareware

As security experts who have been tracking the rise of scareware in recent years, we’ll give you the skinny on how to recognize scareware and stay clear of it so you can keep your devices safe and uncompromised.

Here Are a Few Tips:

  • Never click on unusual or suspicious pop-ups.
  • Take your time before clicking a pop-up. Scareware thrives on a false sense of urgency. When in doubt, close the pop-up — or better yet, restart your browser entirely.
  • Never download files from suspicious websites, only from sites you trust.
  • Use one of the best antivirus softwares with pop-up blocking and make sure to keep the software up to date.
  • Update your browser as often as possible.
Surfshark One Antivirus Main Page
Surfshark One Antivirus Main Page

>> See Also: A Complete Guide to Antivirus Protection and Internet Security in 2024

How Does Scareware Work?

Scareware usually makes an appearance in the form of a pop-up that seems to be from a reputable source. It could even be some antivirus or security company, including fake brands like System Defender or Windows Defender Warning. Basically, scareware tries to appear like it’s reputable and an authority in the hopes of getting you to click and quickly install software from a bad actor. These pop-ups can also mimic the look of a notification window or a progress bar.

Some scareware pop-ups even appear to be scanning your device for threats and removing them. This is another way these kinds of ads can be quite seductive and mimic even the best free antivirus software. Human beings have an innate fight or flight instinct, and these tactics play on that. But remember this: These ads aren’t fighting for you, they’re fighting against you. Rather than fixing an issue, they’re installing malicious software on your device and possibly collecting data on you.

Did You Know: Antivirus software can help users stay clear of scareware and remove any malware that has been installed as a result of scareware. Antivirus software also helps prevent spyware, adware, and ransomware attacks.

Another tricky thing about scareware is that sometimes these ads use fake “Close” buttons. Users might rightly identify these ads as bunk and make moves to get rid of them. However, that fake button may trigger yet another pop-up or even initiate a download. That’s why we always encourage you not to click the ad at all and instead close out your browser entirely. This will keep you and your device safe.

Pro Tip: When in doubt, just close the browser entirely. That’s a good tip for avoiding online scams altogether.

Scareware can also manifest in the form of spam emails, through messages that fool users into buying useless products or services. This form of scareware has been on the rise recently.

Notable Scareware Incidents

Consider these cautionary tales for taking scareware seriously. Here are a few real-world incidents of scareware.

Star Tribune Hacking

Let’s go back more than a decade to 2010. Users visiting the website of the Star Tribune in Minneapolis were hit with scareware pop-up ads. They looked like they came from Best Western Hotels and Windows Support, and the pop-ups had messages that encouraged them to purchase “antivirus” software.1 A notable paper, an esteemed hotel chain — it’s easy to see the convincing elements here. After clicking on these ads, users were infected with malware and scammed out of about $50 each to install fake antivirus software, which naturally included more malware.

Pro Tip: Some malware is referred to as a worm because it can infect connected devices. Scareware uses computer worms to target businesses by infecting an individual’s computer and then letting that worm spread throughout the company. That’s why work from home security tips need to include advice on avoiding scareware. We cover this type of malware in our guide to computer worms and how to prevent them.

The scammer behind the scheme, a Latvian national named Peteris “Piotrek/Sagade” Sahurovs ultimately earned between $150,000 and $250,000 before finally being thwarted by the Department of Justice later in the decade. He was once the FBI’s fifth most wanted cybercriminal, a testament to how effective his tactics were.2 In 2018, he pleaded guilty to conspiracy to commit wire fraud.

Windows Scareware

More recently, as security experts, we’ve been tracking Cryxos Trojans, which have emerged as a problem for Windows PCs. It begins with the normal scareware cascade of suggesting your computer is infected in the hopes that you download malicious software. Often, these pop-ups attempt to imitate normal Microsoft or Windows OS imagery and language. Don’t trust these scams. Close your browser immediately and run one of the best antivirus software for Windows PCs to make sure you’re in the clear.

>> Learn More: Does Windows 10 Need or Come With Antivirus?

Mac Attacks

For all you Apple users, an early scareware pop-up that Mac users tangoed with was Mac Defender. It also went by such zany names as Mac Guard, FakeMacDef, Mac Protector, and Mac Security — a testament to its chameleonic ways.

FYI: Contrary to popular belief, Macs are also susceptible to malware and viruses. While Macs do have a built-in antivirus software, that doesn’t mean it’s foolproof. We typically recommend using one of the best antivirus softwares for Mac to add redundancy to your protection.

More Tips on Averting a Scareware Disaster

In the rush to make you aware of scareware, we don’t want you to be even more, well, scared. With that in mind, we’ve put together a checklist of what you should do and not do as you deal with scareware online.

Scareware dos
  • Slowly examine all pop-ups and never rush to click anything. When in doubt, close your browser.
  • Only download files and programs from trustworthy websites.
  • Use tools like pop-up blockers and antivirus software.
  • In browser settings, remove all unwanted add-ons and extensions.
Scareware don’ts
  • Don’t rush to click any pop-up ad or notification.
  • Avoid third-party downloaders, torrent clients, and websites that aren’t official.
  • Don’t rely on pop-ups to notify you about viruses. Only trust notifications that come from an approved antivirus program you’re currently running.
  • Don’t download browser extensions from websites you don’t trust.

>> Read More: Do You Still Need Antivirus Protection Software in 2024?

A Scareware Recap

Scareware is on the rise in recent years and it’s easy to see why. The practice can be persuasive and plays on certain innate human qualities that we all have. But there are a few tips you can follow to avoid taking the bait.

Don’t click on random pop-ups you don’t recognize or trust. When in doubt, close your browser. Another thing to remember is that reputable antivirus software won’t use scare tactics. Only scareware employs that strategy, and it’s important to keep that in the back of your mind as you browse the internet on your devices. For more advice on keeping your online habits safe, check out our roundup of the most important cybersecurity tips, facts, and statistics.

Scareware Frequently Asked Questions

Here’s one final rundown of the most frequently asked questions we’ve gotten about scareware. As security experts, we always emphasize keeping you safe and keeping you informed.

  • What is scareware?

    Scareware draws on a sense of urgency and as the name suggests, a sense of fear. They often come in the form of harmful pop-ups that appear to be working for you. But these pop-ups ultimately install malware on your computer and trick you into forking over money for fake “antivirus” software.

  • When did scareware first emerge?

    It’s unclear. But back in the early 1990s, Canadian programmer Patrick Evans created NightMare, a program that produced a chilling Halloween style skull on the Amiga computer.

  • Are there any notable scareware scams?

    In 2010, visitors of the Star Tribune website were greeted with persuasive scareware pop-ups that ultimately tricked many into buying a fake antivirus program.

  • How can I stay safe from scareware?

    When in doubt, don’t click on any pop-up you don’t recognize. Only trust notifications about viruses that come from an approved antivirus software that you’re currently running. Use a good pop-up blocker, buy a good antivirus program, and keep it updated.

  • Where might I encounter scareware?

    Scareware will often appear as a pop-up while you’re browsing a website. But it can also originate from emails and mobile apps.

Citations
  1. U.S. Department of Justice. (2018). Latvian National Pleads Guilty to “Scareware” Hacking Scheme That Targeted Minneapolis Star Tribune Website.
    justice.gov/opa/pr/latvian-national-pleads-guilty-scareware-hacking-scheme-targeted-minneapolis-star-tribune

  2. ZDNET. (2018). Scareware scheme operator thrown behind bars for targeting US media.
    zdnet.com/article/best-travel-vpn/