What is scareware?

Scareware pop-up

“Warning! Your computer may be infected!!!” Ever see messages like this on your computer? The likely best course of action: Ignore it. 

Scareware is a type of ad or message that scares you into buying or downloading unnecessary (possibly malicious) software—which itself can also be termed scareware. It uses a method that aims to make you feel shock and panic, and is a form of social engineering

At its most harmful, scareware puts you at risk of credit card fraud and identity theft; cybercriminals can even hold the contents of your hard drive hostage until you pay a ransom. The software used in this case is known as ransomware. While scareware can be used to deliver ransomware, the goals of scareware and ransomware differ. Scareware aims to provide useless, fake tools that install malicious software. Ransomware holds a user’s data hostage in exchange for a payout.

Scareware examples

So what does scareware look like? These attacks can take several forms, but what they have in common is an alarming message that tries to convince you of your vulnerability. They encourage you to address an alleged cybersecurity problem—typically a virus—by pretending to be messages from an antivirus program, a firewall, or your operating system. 

1. Scareware pop-ups

Sometimes referred to as a virus pop-up, these messages take over your entire screen, blocking whatever you were doing and forcing you to act before you can do anything else. The pop-up uses alarming language; for example, it warns you that you’re on the verge of losing all files on your computer. It prompts you to click a button that promises a solution. However, instead of an antivirus program, it downloads a malware program.

Scareware pop-up example

Pro-tip: Do not use the “X” or “Close” buttons when trying to navigate away from a scareware pop-up, as this may trigger malware to download. Instead, close the window from your computer’s task manager

To do so on a Windows PC, hit Ctrl-Alt-Delete, click Task Manager, find your browser program under the Applications tab, and click End Task. On a Mac, click on the Apple icon on the top left corner of your screen, click Force Quit, choose your browser name, and click on the blue Force Quit button.

Here are some famous scareware pop-up attacks that have made headlines:

  • In 2006, Microsoft and the attorney general of Washington state filed a joint lawsuit against anti-spyware software vendor Secure Computer. The Spyware Cleaner tool at the heart of the case has shown to turn up dozens of “extreme risk” alerts even on a freshly installed version of Windows XP. Email and pop-up ads also misrepresented the tool as being endorsed by Microsoft. (In 2010, Microsoft updated its built-in antivirus software Windows Defender to remove software it deems to be scareware from Windows 10 PCs.)
  • In early 2010, website visitors to the Minneapolis Star Tribune were served Best Western ads that were part of a malvertising campaign. Clicking on the ad would take readers to fraudulent sites that infected their devices with malware. 

2. Scareware emails

With scareware emails, a cybercriminal sends an “urgent” email demanding immediate action. The cybercriminal appears legitimate by using a spoofed email address or domain. By using similarly coercive language as scareware pop-ups, the email pushes the recipient to download a software program that will provide a fix, only to download malware instead. Recipients could also be duped into sharing information for fake technical support to troubleshoot the problem, giving cybercriminals access to their files and data. 

Read more: How to stop getting spam emails

How does scareware work? 

Your screen fills up with pop-ups warning you of a virus or dangerous files on your device. Coercive language pushes you to download a software tool that promises a fix. These pop-ups are designed to look like legitimate warning messages, down to replicating logos of well-known security software. They keep appearing and push you to take action by clicking a button on the pop-up to remove these supposed threats. 

But the button you clicked leads to a download of software that you don’t want, or at worst it’s malware. It could also take you to another website that further tries to sell you something you don’t need or persuade you to input your personal information (through phishing). 

These tactics take advantage of social engineering by using fear to coerce you into purchasing or downloading malicious software. Remember, genuine antivirus vendors don’t turn to scare tactics to get you to take action. The more persistent and dramatic the alerts are, the more likely they are to be scareware. 

How will scareware affect you?

If you fall for a scareware attack, here are some ways scareware may affect you. 

  • Malware can be used to spy on you. Cybercriminals can utilize scareware to install malicious software that tracks your activity. 
  • Your personally identifiable information can be stolen. This includes your credit card or bank account details. The information you enter when downloading software from scareware can be logged and used to commit credit card fraud or identity theft. 
  • Ransomware could be downloaded onto your computer. Cybercriminals may remotely seize your computer and demand a ransom, destroying your files if you don’t pay. 
  • Cybercriminals may offer fake tech support. As a follow-up scam, cybercriminals may offer help in the form of tech support only to con more money out of you.

How do you detect scareware?

If you suspect your computer has been infected by malware following some kind of alert, here are some common signs to look out for:

  • A barrage of pop-up windows. Persistent browser pop-ups warning of urgent security breaches are a sign of scareware. 
  • Your computer is experiencing a decrease in performance. Malware can cause your device to slow down, crash, or freeze.
  • New programs and features appear at random. You notice icons on your desktop or browser toolbars that you didn’t add. 
  • An inability to access programs or files. Unexpected error messages appear instead.
  • Your settings have been altered. Settings like your default browser or even wallpaper have changed without you making the change.
  • You clicked an ad. If you notice any of the above after clicking an ad, you may have been a victim of malvertising. The ad you clicked on may have embedded code that downloads malicious programs. If you’re unsure of an ad, search for the products instead of clicking on the ad.

How to remove scareware? 

The first step to removing scareware is to uninstall the program from your computer. Unsure which program is the scareware? A check of your browser’s downloads can prove helpful. After identifying the program, head to your computer’s settings to uninstall the scareware.

To remove scareware from Windows PC, perform the following steps:

  1. Navigate to Settings on your Windows device, then select Apps.
  2. Under Apps & features, select the scareware from the list of programs.
  3. Click Uninstall.

To remove scareware from Mac, perform the following steps:

  1. From the Finder window, navigate to the Applications folder.
  2. Select the scareware from the list of applications and drag it to your trash can.
  3. Right-click the trash can and select Empty Trash.

Once you’ve uninstalled the scareware from your computer, open your antivirus program to run a full scan and remove all viruses. 

How to prevent scareware attacks?

Prevention is better than cure; the ideal situation is that you never get scareware from the start. Follow these tips that go a long way in preventing scareware attacks.

  • Use the full range of cybersecurity and network tools. Tools like an antivirus program, firewalls, ad blockers, and a VPN are your line of defense against cyberattacks, including scareware.
  • Use genuine antivirus software. Antivirus from a trusted provider will alert you to threats, swiftly quarantine malware, and remove it from your computer.
  • Never click on malware notifications. Don’t be hasty in clicking that “download” button on a pop-up. Instead, close your browser using your computer’s Task Manager.
  • Enable pop-up blockers. Preventing pop-ups can help prevent your screen from filling with advertisements for fake security programs. Disable pop-ups from the settings page of your browser.
  • Keep your browser up to date. This helps protect against scareware pop-ups by ensuring your browser is on its latest security patch. Consider enabling automatic updates.
  • Verify new software before you buy it. Think twice before providing personal or credit card information to a company that seems suspicious. A quick Google search can help you distinguish between genuine and fake software.
  • Avoid accidental downloads. Do not use the “X” or “Close” buttons when trying to navigate away from a scareware pop-up, as this may trigger malware to download. Instead, close the window from your computer’s task manager.
  • Monitor your device for malicious activity and Indicators of Attack (IOA). After successfully removing malware with an antivirus, monitor your device for any suspicious activity.

FAQ: About scareware attacks

Is scareware a type of Trojan?
How does scareware spread?
Are pop-ups saying you have a virus real?
What do fake virus alerts look like?
Phone protected by ExpressVPN.
Protect your online privacy and security

30-day money-back guarantee

Various devices protected.
Take the first step to protect yourself online. Try ExpressVPN risk-free.
What is a VPN?
Sentient AI scouring the internet for photos of Paddington bear photoshopped into other movies and shows.