National Crime Prevention Council
1000 Connecticut Avenue, NW, 13th Floor
Washington, DC 20036
Original Post: January 2009
“Scareware” Offers, Then Steals, Peace of Mind —
and Victims’ Money
Scareware, new software programs that prey on people’s fears about their online security, are devious, dangerous—and professionally executed.
By Martin W.G. King, NCPC Staff
If you think they’re always out to get you, well, sometimes they are. One of the latest cyber scams preys on people’s fears about their online security and tricks them into buying peace of mind with bogus security software. Unfortunately, if you fall for this scam, you may be out your confidence in your Internet experience as well as your money.
The programs used in this scam are called “scareware” because they exploit consumers’ fears of online viruses and security threats. They all operate pretty much the same way—by a popup, an email, or an ad that claims “malicious software” has been found on your computer. The message then offers you a free “fix” for a sum that usually starts around $40.
Once you agree to spend the money and provide your credit card information, the program tells you that your problems are fixed. Some of the scammers are very professional, even offering legitimate looking receipts with phone numbers to call for more information. The fact that a person answers the phone at that number doesn’t mean the operation is legal. And a person who falls for the pitch may be out more than their money; bogus software that’s actually loaded could itself be harmful to their computer.
Because this is such a lucrative scam, the cyber criminals who commit this fraud go to great lengths to perfect their schemes. They buy ad space on trusted, popular websites. Their ads look legitimate to the websites’ operators, and no alarm bells sound.
The Federal Trade Commission (FTC) has tips for detecting a possible scareware attack. (pdf)
The FTC advises that if you’re faced with any of the warning signs of a scareware scam or suspect a problem, shut down your browser. Don’t click “No” or “Cancel,” or even the “X” at the top right corner of the screen. Some scareware is designed so that any of those buttons can activate the program. If you use Windows, press Ctrl+Alt+Delete to open your Task Manager, and click “End Task.” If you use a Mac, press Command+Option+Q+Esc to “Force Quit.” If you get an offer for a “security scan” or similar proposal, search for the name of the enterprise on the Web. That can help you determine if the offer is legitimate.
The FTC is actively pursuing the perpetrators of scareware crimes. In early December, the U.S. District Court for the District of Maryland, at the FTC’s request, issued a temporary halt to a massive scareware scheme, which falsely claimed that “security scans” had detected viruses, spyware, and illegal pornography on consumers’ computers. According to the FTC, the scheme had tricked one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of the accused scammers so they could be available to the victims if redress was ordered.
Go to GetWiseNet, a project of the Internet Education Foundation, for a list of security tools from legitimate security vendors.
Visit www.OnGuardOnline.gov to learn more about protecting your computer from bugs, viruses, and scammers.