98% of all cyber-attacks may rely on social engineering but scareware depends on it entirely, as it seeks to scare its victims into performing an action that will prove detrimental.

What Is Scareware?

In its most basic form, scareware is a type of malware. As the word implies, it uses scare tactics to pressure a user into downloading or purchasing fake and potentially malicious software. By manipulating users into feeling anxious or panicked, scammers can acquire money as well as confidential data. 

Scareware often takes the form of a popup advert that displays alarming warning signs about a virus that’s infiltrated a computer or mobile device. These warnings are fake but continuously prompt the user to take action, interacting with the ad to get rid of the perceived threat to their device. 

As the user does this, they are in fact installing malware, instead of getting rid of it.

There are whole websites dedicated to this type of fraud. Some make money from users paying for a fake IT helpline and others want their software downloaded to harvest private information or gain access to bank accounts and other systems.

Protect Your Business from Social Engineering Attacks

Scareware is just one type of social engineering attack. See the rest and find out how to defend your business.

Read More

What Happens to Victims of Scareware?

Scareware is vast, and there are several different things that can result from it. 

The least harmful outcome is that users will waste money buying useless, unnecessary software, also known as bloatware. At worst, scammers will further infect a device and use the compromised data to commit credit card fraud, identity theft, or recruit your machine into an existing botnet army.

It can be hard to know if you’ve been a victim of scareware, but very often some form of malware will be part of the whole package.

This malware might work in tandem with the scareware, controlling a browser to do things like change your homepage, force the user through injected ads to essentially steal money from affiliates, or even auto-run affiliate search engines to generate money per query.

Even if these scams aren’t present or obvious, if your system is running slow, is unable to run genuine antivirus software, or popup ads appear constantly, your computer may have been attacked. 

How Does Scareware Work?

In most cases, a scareware scheme usually ends with the fraudster stealing users’ money and/or information. This is what a typical scareware victim will experience:

  1. A user visits a website and a popup suddenly appears. It states that there is a virus on their device. This ad might also mimic messages from genuine security software to persuade a victim to click on it or perform another action.
  2. The user either clicks the link or tries to close the advert, which can sometimes trigger malware to download (usually via fake buttons).
  3. Popups continue to appear, reiterating the urgency of such a virus. This pressures the user to act quickly, sometimes threatening file deletion.
  4. The user might pay for associated bloatware, thinking it will solve the problem – though defrauding the user out of money was the only goal for the scammers.
  5. If the user has been persuaded to download malware, there are several avenues from there. Scammers might harvest sensitive information like credit card details, harass the user with constant ads, force them to navigate to unwanted websites or pressure them to download more software.
types of social engineering

Scareware Examples

There are several different ways that scareware can manifest, including:

  1. Websites: About 20% of malicious domains are very new and used for around one week after they are registered. These sites are built purely to infect computers in a way that no matter where users click on the site, malware automatically downloads onto their device.
  2. Popups and popup ads: There is a spectrum of looks and invasiveness when it comes to popups, meaning that it’s important to be suspicious of any unexpected ad. Some ads take over the entire screen, preventing visitors from accessing the site they were on. As a result, the user will attempt to close the window via a fake close button, which instead triggers a download. Other popups might be small dormant banners hiding in a corner but are no less malicious to the system. 
  3. Operating system: To make the scam believable, popups can imitate the look of a notification window, as if it has come directly from your operating system.
    • Because scareware and malware can alter internal computer settings, like changing the wallpaper image, some users can panic and click on a popup window that looks as though the OS is offering antivirus support. 
    • These malicious notifications will be set up so that even if a user tries to close the window, it will direct them to a scam website or trigger malware to download, escalating the infection. This is known as clickjacking.
  4. Mobile applications: Similar to how scareware works when browsing the internet on a desktop or laptop, browsing the net on mobile has the same initial popup warning but with a different outcome: It triggers the download of a malicious application. These downloads can again spy on the user and collect sensitive information, which can lead to your phone number being stolen and hackers to commit SIM swap fraud, or gain access to your OTP passwords.
  5. Scareware emails: Figures show that 94% of malware is delivered by email. Scammers send spoof emails to recipients, pressuring them into downloading “antivirus” software, or signing up for “antivirus services”. There will be a perceived threat to the users’ system that adds to the coercion. The details that fraudsters gain in this process are used for further criminal activity, like identity theft.

How Does Scareware Affect Businesses?

It’s important to understand why scareware shouldn’t be taken lightly no matter the size of your business: 

  1. Disrupts operations: Employees must stop working to resolve issues with IT, meaning crucial hours are lost. Incomplete work will likely have a knock-on effect on the rest of the business, and other colleagues too. 
  2. Disables significant services: If employees must stop working, there’s a risk that certain services your business provides might need to cease temporarily. This can cause significant enterprise losses.
  3. Makes for unhappy customers: Depending on the nature and scale of the attack, it might affect the way you serve your customers or clients, losing you their custom as they seek similar services or goods elsewhere.
  4. Steals crucial information: If the scareware leads to an employee installing spyware on their system, the fraudsters behind it can steal and use business bank details and other sensitive information. Private information such as passwords can be stolen as well.
  5. Causes loss of control of device: Sometimes malware downloaded through scareware can allow hackers to control applications and devices remotely. This allows them to locate sensitive files easily and again prevents the employee from working.
  6. Comes with compliance risks: Under privacy laws and other mandates, companies have to pay fines if customers’ or even employees’ sensitive information is leaked. Moreover, this often is made public under GDPR law, bringing reputational damage.
  7. Can enable affiliate fraud: Some websites pay a per-click premium to other websites that direct traffic to them. This structure can be abused by scareware and associated malware, forcing customers through links that appear to lead to a website but actually first connect to the affiliate link, triggering the payment for the malware owner.

How to Protect Against Scareware

Successfully mitigating scareware-related threats can only be a result of a multi-pronged strategy, no matter if you’re an individual or manager looking to safeguard your company. Let’s take a closer look.

Scareware Protection for Individuals

As most malicious domains (about 60%) are associated with spam campaigns, it is important to remain vigilant when browsing online and to be able to recognize scareware attacks. This means avoiding clicking on popups and closing the browser tab instead.

Individuals can start by using antimalware (antivirus) software that verifies files as legit before and after downloading, as well as one that has a web shield, which blocks the sources of some malicious ads. 

Users can also install adblockers, many of which can be used as a browser plug-in to prevent and reduce the number of popups that appear. 

How to Protect Your Business Against Scareware

For companies, it is key to invest in educating employees on the risks and steps to avoid them. Providing training on how to identify scareware and recognizing the classic signs of these threats will decrease the chances of hackers gaining access to your private information. 

Beyond this, there is firewall software that blocks suspicious and/or unknown connections, as well as security tools that run in real-time to protect a company’s systems.

Keeping your marketing and security teams aware of affiliate fraud will also be key to minimizing losses to fraud.

Monitoring any advertising affiliates closely for suspiciously good conversation rates – the rates they direct traffic to your site – will prevent fraudsters from hijacking organic traffic as their own. This is key in certain industries; for example, affiliate fraud in iGaming is a pain point for gambling operators.

An educated workforce, combined with a well-equipped security stack deployed across the company’s network, will provide excellent protection against scareware, as well as other fraudulent attacks.

How to Report Scareware

It’s important to act quickly as soon as you think there may have been a breach in your system. You can report a threat or infiltration of scareware to your IT department, depending on your company’s procedures.

Individuals can report a complaint of scareware to the FBI’s Internet Crime Complaint Center. 

If based in the UK, you can report a suspicious website to the National Cyber Security Centre, who will investigate it.

Realistically speaking, individuals who are not as comfortable with technology might want to speak to an IT expert if they realize they have fallen victim to scareware. A professional will be able to identify the extent of the damage caused as well as clean up your system.

Related Terms

Related Articles


Speak with one of our fraud experts

Feel free to reach out with any fraud-related questions or comments - we’ll get back to you as soon as possible.