What Is Scareware? Defined and Explained | Fortinet (2023)

A common scareware definition is a cyberattack tactic that scares people into visiting spoofed or infected websites or downloading malicious software (malware). Scareware can come in the form of pop-up ads that appear on a user’s computer or spread through spam email attacks.

A scareware attack is often launched through pop-ups that appear on a user’s screen, warning them that their computer or files have been infected and then offering a solution. This social engineering tactic aims to scare people into paying for software that purportedly provides a quick fix to the "problem." However, rather than fix an issue, scareware actually contains malware programmed to steal the user’s personal data from their device.

Scareware can also be distributed by spam email, through messages that trick people into buying worthless items or services. Hackers then use the details they successfully steal to widen their criminal enterprise that is mostly based on identity theft.

So how is scareware used? Typically through pop-up ads from rogue security providers that may sound legitimate but are fake. For example, rogue scareware or fake software names to watch out for include Advanced Cleaner, System Defender, and Ultimate Cleaner.

Scareware ads, which pop up in front of open applications and browsers, aim to scare computer users into thinking they have a major problem with their device. The hacker uses pop-up warnings to tell them their computer has been infected with dangerous viruses that could cause it to malfunction or crash. Some scareware ads also purport to be scanning the user’s device, then showing them hundreds of viruses that are supposedly present but are actually fake results. Typically, the more menacing or shocking an ad pop-up sounds, the more likely the claims being made are scareware.

Another key feature of scareware is urgency. Hackers attempt to convince users that the supposed device problem requires immediate action and then prompt them to install the program as quickly as possible. Therefore, always be careful with any ad that demands the user to act immediately. It is most likely scareware.

Even more concerningly, scareware ad pop-ups can be particularly difficult for users to remove from their device. Hackers want the fake software to linger on a user’s screen, so they make the close button difficult to find and show even more fake warnings when the user manages to locate and click on it.

The most effective way for users to protect themselves from scareware is to only use software from legitimate, respected, well-known providers. It is also important to avoid what is known as “the click reflex.” In other words, ignore all unexpected pop-up ads, warnings about new viruses, or invites to download free software that is not from a trusted organization.

If scareware appears on your device, never click the "download" button, and always close the ad carefully. A better option is to simply close the web browser rather than attempt to click on the pop-up ad. This can be achieved with the Control-Alt-Delete command on a Windows device and Command-Option-Escape to open the Force Quit window on a Mac device. If that does not work, perform a hard shutdown of the device.

Another option is to use tools like pop-up blockers and Uniform Resource Locator (URL) filters that prevent users from receiving messages about fake or malicious software. Furthermore, legitimate antivirus software, network firewalls, and web security tools will protect users from the spread of scareware. These tools must be kept updated at all times to provide effective protection from scareware and other types of malware.

Organizations can help employees protect themselves against scareware by providing regular training on how to spot suspicious activity or software. Users must remain vigilant and recognize the telltale signs of a cyberattack, such as suspicious pop-up ads and email messages.

Scareware alerts and pop-up ads signal that a user’s computer has been infected with some form of malware. Removing scareware and any other form of malware involves using a third-party removal tool that can eliminate all signs of the virus infection and then re-enabling the antivirus software the scareware bypassed or disabled to carry out its purpose.

The computer and all software on the device must have the latest patches and security measures from the software provider.

In 2010, the website of theMinneapolis Star Tribunenewspaper began serving Best Western ads, which redirected users to fake websites that infected their devices with malware. The attack launched pop-up ads that told users their device had been infected and that the only way to remove it was to download software that cost $49.95. The attackers managed to make $250,000 before being arrested.

Other examples of scareware are targeted at specific devices. For example, Mac Defender is an early form of malware targeting Mac devices, and Android Defender is scareware or fake antivirus software that targets Android phones.

The Fortinet range ofnext-generation firewalls (NGFWs)helps protect organizations and their users from all forms of malware, including known and emerging security threats. The Fortinet firewalls filter network traffic and use features like Internet Protocol security (IPsec) and secure sockets layer virtual private network (SSL VPN) to keep users secure.

The Fortinet firewall technology enables Internet Protocol (IP) mapping and network monitoring, which provide deeper inspection of content to identify and block cyberattacks, malware infections, and other security threats. It also offers protection at scale and enables future updates to ensure organizations are protected against the latest threats.

Scareware and ransomware are both forms of malicious software or malware.Scareware is malware that attempts to scare users into thinking their device has been infected with a virus and then encourages them to quickly download a program to fix it. It usually warns users that their device has a dangerous file or risky content and then offers a solution that will remove the threat. It aims to convince users to download software from a provider they have never heard of.

Ransomware is a type of malware that, when downloaded, encrypts files on a device or locks a device completely. The attacker will then demand payment or a ransom from the victim, promising to unlock the data or device once the transaction has been completed.

Scareware is typically used to download malicious software onto a computer. Telltale signs that a virus is present on a device include receiving lots of unwanted pop-up ads or error messages, unexpected freezes, crashes, or restarts, icons unexpectedly appearing on the desktop, sudden device or file lockouts, a computer suddenly running slowly, and web browsers being set to a new homepage or having new toolbars.

Reputable software providers and antivirus vendors do not use scare tactics to force users into downloading their programs. So a good rule of thumb is that any software ad that sounds malicious or threatening and attempts to scare the user into downloading it should be avoided.