Scareware Scam almost snags Victim

Cybercriminals know that the best way to get their claws on the next victim is to appeal to their emotions, not logic.

4DThere’s lots of scary things in life, and one is learning that your computer has been infected with a virus. If this happens, you’re now vulnerable to spending money on getting rid of the malware. The tactic of scaring users is called scareware.

  • A pop up tells you “Warning! Your Computer Has Been Infected with Malware!”
  • The pop-up can be triggered by visiting an infected website or by making a bad click.
  • The pop-up can’t be closed out, or if it can, another appears.
  • Additional information in the pop-up lures you into clicking a link inside it, such as buy some downloadable security software that will destroy the virus.
  • Once the alleged security software is downloaded/installed, it crashes your computer—even if you already have a legitimate security software program in place.
  • You’re screwed at this point. (Hope you had all your data backed up before this happened!)

Here’s another way the scam can unfold, from someone who wrote to me:

I was notified by a notice supposedly from Windows Security that my PC has been attacked.  They claim that all my PC ID numbers were stolen and that Russia had got about 8-12 other IDs.  They took control of my computer and said they scanned it to find this out. They claimed the only way that I could clear this problem was to have them clear it for $199.99 and security for 1year (sic) for $149.99.  They said the only way to accomplish this was by check.  They said it couldn’t be done by credit card because them (sic) numbers would be stolen too.  I refused to go along with that plan and closed them out.  

P.S. I checked my account and it is paid thru 6/2016.  How do I know if I get a notice from Windows that it is legit? 

All windows notifications come via Windows Update. That “pop-up” emanates via your notifications area on your taskbar and NOT a popup via your browser. What a mess.

Protect Yourself

  • Use security software only from a name-brand company.
  • Keep it updated.
  • See a pop-up? Close it out. Never click inside it—which you can’t do if you close it out immediately.
  • Exit the site you think triggered it.
  • Play it safe and run a scan using your legitimate security software.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.