Don’t be a Scareware Victim

Let me tell you a story:

There you are, checking the latest Fantasy Football stats and suddenly a pop-up appears to announce that the “Doom32” Trojan has been discovered, among other things, on your machine and that if you just follow the link provided, you can scan your system for free and learn how you can clean out the malware once and for all. You stare a moment at the Norton icon at the bottom of your screen and wonder why this expensive suite of defensive software couldn’t stop something called “Doom32” and then click on the link.

The link takes you to a website that seems a typical product sale site. They show the box of the anti-malware software, features and comparisons with products like McAfee and Norton, and after scanning through all that you see the free scan button. You hit it and the scan begins. While it progresses, you see a slideshow that details how wonderful the featured anti-virus product is and all the things it can take care of. The scan ends and you are presented with a list of Trojans and worms, viruses, of all description, adware, spyware—anything that looks believable. Why didn’t Norton stop all these? Good thing the featured product can get rid of them and for only $49.95 with a year of free updates. Norton is beginning to look like over-priced garbage. After all, it was part of the bloatware that came preinstalled on your computer and you would not have chosen it yourself and here is an opportunity to trade up. You fish out your wallet and hit the Buy Now button.

The software downloads, you run it, wait, watching the snazzy progress bars and file lists do their thing and after a while, the thing pings at you and lets you know that it has identified all the malware. You click on the Clean button and after a minute the window empties of malware and your system is announced to be clean. You heave a deep sigh of relief and go back to the Fantasy Football, oblivious to what you have just done. As for that, there is only one thing I can say:

Boo! You are a victim of scareware.

The FTC is On to Scareware

According to the Federal Trade Commission (FTC), scammers can now create realistic, but phony “security alerts.” The “alerts” look as if they come from your computer, exploiting your fear and loathing of online security threats; but they really come through your browser, courtesy of a cyber-criminal somewhere.

Identifying Scareware

According to the FTC, the scammers go to great lengths to make their product and service look legitimate. There are also a number of variations on the basic scam to keep victims guessing. Still, there are telltale signs you should look out for:

·        Ads promise to “delete viruses or spyware,” “protect privacy,” “improve computer function,” “remove harmful files,” or “clean your registry”

·        Sudden “alerts” about “malicious software” or “illegal pornography on your computer”

·        Invitation to download free software for a security scan or to improve your system

·        Pop-ups that claim your security software is out-of-date and your computer is in immediate danger

·        An unfamiliar website claims to have performed a security scan and prompts you to download new software

The Dangers of Scareware

Aside from the obvious, getting you to buy something you do not need—Norton did not detect Doom32 because the virus was never there to begin with—you usually have to visit a website you do not know and download software from that site. That fact exposes you to attack from the site itself as well as from anything you download. You could be opening yourself up to malware of all sorts that range from benign adware to highly destructive viruses. You are exposing yourself to identity theft and you may be turning your computer into a spam-bot, that will connect to the Internet and send spam and malware to other unsuspecting victims. Moreover, since you probably had to remove your existing protection, you may well be wide open to attack every time you log on.

Now that is scary!

What to Do if You Get a Scareware Offer

The FTC suggests this course of action at the first sign of scareware trouble:

If you’re faced with any of the warning signs of a scareware scam or suspect a problem, shut down your browser. Don’t click “No” or “Cancel,” or even the “x” at the top right corner of the screen. Some scareware is designed so that any of those buttons can activate the program. If you use Windows, press Ctrl + Alt + Delete to open your Task Manager, and click “End Task.” If you use a Mac, press Command + Option + Q + Esc to “Force Quit.”

The Bottom Line

Spam is spam for a reason. Remember that, especially if you get an offer. If you must look into the offer, then check out the company and the program by entering the names in a search engine such as Google. I would suggest you also hit Yahoo and MSN search as well, since you may get different results. What comes up in the search can easily help you determine if the company and their product are legitimate or not.

On the other hand, there is always this basic rule: If I did not request it, I do not want it. Follow that rule and most of these problems—most, not all—will evaporate. Regardless, be careful out there.

Report possible fraud online at ftc.gov or by phone at 1-877-FTC-HELP. Details about the purchase — including what website you were visiting when you were redirected — are helpful to investigators.

Visit www.OnGuardOnline.gov to learn more about protecting your computer from bugs, viruses and scammers.