Keeping the Creeps Off Your Computer: Tips to Avoid Scareware & Scare Scams
By: Lewis Brisbois' Data Privacy & Cybersecurity Team
Halloween is a great time to masquerade as your favorite supernatural or otherworldly character, generating harmless screams and candy. Not so harmless is the fear that scammers create by pretending to know something about you or your cyber system in order to scare you into sending them money.
Unlike kids dressed as ghosts, the initiators of scareware and scare scams try to cause real panic and convince you that your “problem” will only be resolved by paying them or letting them into your computer. Fortunately, by following a few cybersecurity tips, you can recognize these scare tactics and limit your Halloween losses to candy bars.
What is Scareware?
Scareware is malicious cyber messaging designed to convince you that there’s an operating or security issue in your cyber system. The sender of the scareware is trying to get you to pay money to “fix” your system or, worse, get you to install their software to “fix” the problem, tricking you into downloading a real piece of malware that may divulge your personal information to the malicious actors.
Most users have likely experienced scareware by way of an unexpected pop-up. These pop-ups say things such as: “Warning! Spyware Found! It is recommended you click here to protect yourself” or “Virus Detected! A total of 4,414 infections were found on your PC. Purchase protection here.” These messages mimic legitimate antivirus and security warning graphics and occasionally replicate the victim’s internet browser. Some even appear as fake ransomware attacks to convince the victim to pay a ransom to unlock their data – which, of course, is not actually encrypted.
How to Combat Scareware
Here are a few simple measures that can be taken to counter scareware:
- Use your judgment. If a pop-up looks bogus, then it probably is. For instance, you may see a “virus scanner” that claims to have scanned your entire computer in an unrealistically short amount of time and then suggests that you purchase some unknown security product immediately.
- Beware of any cyber “repair” company that requires payment in gift cards or another anonymous form of payment. Real companies don’t do business this way, but criminals do.
- Do not trust any suggestion that you download an unknown or obscure antivirus solution, as these programs are a means of introducing malware into your system.
- Keep everything updated. It is important to keep your operating system, software, and browser up to date and patched. Doing so routinely unearths and corrects security issues and is an excellent protective measure.
- Use a pop-up blocker. This should significantly limit the effectiveness of scareware. Some browsers have pop-up blockers built in, so be sure to enable that feature.
- Install a real anti-malware product. Anti-malware tools should be continuously deployed and regularly updated.
- When in doubt, ask for assistance! The malicious actors sending scareware aren’t your average trick-or-treaters, and some scareware campaigns are very sophisticated. Rather than clicking on something suspicious, first contact your IT team or service provider. The safest approach is to ignore the unsolicited scary message and later scan the machine with a real product to confirm that there is no malware present.
What are Scare Scams?
Scare scams are the less sophisticated (but equally frightening) cousins of scareware. In a scare scam, the malicious actor tries to blackmail the victim by claiming to know damaging information about them and demanding payment to avoid disclosure.
For instance, a victim may receive an unexpected email stating that someone hacked the victim’s computer and has videos of the victim viewing pornography. Sometimes, to scare the victim into believing the threat comes from someone with real information, the message contains one of the victim’s passwords (old or current) that the blackmailer found somewhere on the dark web. The messages typically instruct the victim to click a link and pay to keep the damaging information secret.
How to Protect Yourself From Scare Scams
The tips listed above for combatting scareware are equally applicable to help minimize the impact of these scam messages. In addition, we recommend the following steps:
- Stay vigilant! Be a human spam filter and use your common sense. These scare scam campaigns follow certain themes (such as the “sextortion” example mentioned above) and will include a message specifically designed to provoke fear without having any basis in reality.
- Install a webcam privacy cover on your computer to guarantee that, no matter what it says in the scary email, no one has been using your computer to film you.
- Use spam filters and be sure to “report spam” when you receive these messages. Consider also investing in a commercially available anti-spam product.
- Protect your email account by implementing multi-factor authentication and using complex passwords that are changed frequently.
- Don’t respond to or interact with the sender of the threatening email. The sender may not know whether your account belongs to a real person. By responding, you indicate that you’re an active user of the account and may make yourself more of a target for future attacks.
- Do not open any links or attachments included in such emails. Opening these items may install and launch malware in your cyber environment.
- Do NOT pay the demand! These actors may request payment in gift cards or in Bitcoin and include a wallet address. If you pay a demand once, you may flag yourself as someone who should be targeted again.
- When in doubt, ask for assistance. Again, do not hesitate to alert your IT team or service provider. If the extortion is particularly troubling, it can also be reported to law enforcement.
Following these tips should help keep the frights of Halloween on your front step and off your computer. For further assistance, visit our Data Privacy & Cybersecurity Practice page to find an attorney in your area.