What is Scareware?
According to Forcepoint, scareware is a malware tactic that manipulates users into believing they need to download or buy malicious, sometimes useless, software. Scareware is most often initiated using a pop-up ad. This type of malware utilizes social engineering to take advantage of a user’s fear. It uses this fear to coax them into installing fake anti-virus software to infiltrate their system.
What does Scareware do?
There are three ways that Scareware might attack:
- Identity theft: scareware will secretly attack your computer and record your keystrokes and personal information. Stealing such information as usernames and passwords.
- Stealing your credit card details: scareware will trick you into buying fake antivirus software.
- “Zombie” your computer: scareware will enable hackers to take remote control of your computer and use it to disseminate spam.
*SpySheriffexemplifies spyware and scareware: it claims to remove spyware, but is actually a piece of spyware itself.
Scareware in the News
Office Depot and Support.com, their Tech Support Vendor, agreed to pay the FTC a $35 million settlement after allegedly deceiving customers into downloading a free “PC Health Check Program,” in March of 2019. The supposed health check program was used to sell diagnostic and repair services customers often did not need. In the case of Office Depot, scareware is being used to drive revenue/sales and not to install malicious software. Please note: if the services offered were actually received by the customer, this would not be considered scareware.
Resources:
