The internet can be a scary place, especially to trusting people. It is no secret that hackers, thieves, and scammers use the web because they can “hide in plain sight” behind fake user names and bogus organizations, stealing people’s money with very little to fear from the authorities (at least so far).
One of their main tactics is scareware, where you suddenly get a pop-up that reads in big, bold, red letters: “We detected suspicious activity on your computer which may be infected. Contact our Certified Live Technicians at 1-800-XXX-XXXX for help in removing this threat”; or something to that effect. More often than not, the trusting user calls the number. BIG MISTAKE!
The “technician” asks for credit card information to charge a “modest fee’ for their services. Again, more often than not, the trusting user complies.
Additionally, as part of the scam, the “technician” then gets remote access to the computer. Many times, what the user sees is what the hacker wants you to see. For instance, they may flash code across the screen suggesting that the virus is being removed by sophisticated super anti-malware programs; meanwhile malicious code is secretly downloaded to the target in the background.
It’s all bogus of course. There never was an infection, but now the criminal has a credit card number, confidential information, and has probably left behind malicious software to further victimize the user.
How did this happen in the first place?
Scareware infections can happen in a number of ways:
- You may have downloaded a program that came packaged with Potentially Unwanted Programs (PUPs) and they activated without your knowledge.
- You activated a preinstalled program that came bundled with a new computer whose website was targeted and infected by hackers. So, when you activated the software you were automatically directed to their site — and were infected.
- You separately visited a site that was already infected which automatically downloaded the malware when you visited it.
How to protect yourself from Scareware infections
- Review carefully and remove unwanted bundled software from newly purchased PCs. In tech jargon, we call these programs, “crapware” and for good reason. They are not needed and serve to slow down and clog your system while inviting infections with their questionable security.
- If you do get a pop-up like we described above, NEVER call the number or click on any link. This is a scam. Legitimate companies don’t operate this way.
- NEVER let anyone you do not know and did not investigate properly remotely access your computer. If you do, then you’ve just handed a criminal “the keys to the kingdom”.
- Although some PUPs may evade antivirus programs, always keep your antivirus and anti-malware programs updated and run them frequently. They usually will stop and clean infections that were previously identified in the wild.
- Periodically (and especially if strange things seem to be happening on your PC), go to the Control Panel in Windows and peruse the installed programs. Investigate anything you don’t recognize and remove them if warranted. It’s best to have a professional do this since you do not want to remove any programs your system needs to run.
- Always make sure you have a backup (either data backup or better yet, an image-based backup) in case whatever is placed on your machine wipes out or encrypts your hard drive.
- If you’re a business, always have your company’s computer systems managed and maintained by a Managed IT Services Provider (MSP) like XSolutions. This way, infections can be detected and dealt with immediately and completely. Also, an MSP will monitor your network for suspicious activity and will quickly act when detected, minimizing damage to your network.
Scareware is a very effective tactic used by scammers to separate you from your money. In fact, studies suggest that worldwide, one million people fall victim every day to this scam. One operation closed down by the FBI bilked $74 million from its victims — and that was only one scam operation! There are thousands of scams being run every day.
The best way to avoid getting scammed is to be alert and not fall for bogus pitches. Your trusted Computer Support Professional is your ally in the war on cyber-crime and your Managed Services Provider (MSP) is your key to keeping your business, employees, and customers safe.