Before 2010, many users of personal computers (PCs) and laptops complained about pop-ups while using the internet. In later years, with browsers embedding blockers in the software, these pop-ups disappeared. But in the digital space, nothing actually disappears. It may remain hidden, but anything and everything in cyberspace stays forever.
In the early 2000s, cybercriminals tricked people into thinking that their computers were infected by showing fake antivirus (AV) interfaces and detecting non-existent threats. Panicked users purchased licences for these fake programs, which only simulated antivirus functionality without offering any real protection. Some even uninstalled their genuine antivirus software, believing that the fake one was superior. The fake antivirus scams used to be a goldmine for cybercriminals, generating hundreds of millions in illicit profits.
In the present digital age, cybercriminals are constantly evolving new tactics to exploit unsuspecting users. In the process, they have rediscovered a hidden gem in pop-ups disguised as warnings or alerts about malware and viruses. Pop-ups designed to scare users into clicking a link or buying the program on offer are known as scareware. Do you need to worry about such pop-ups or scareware in 2024?
Yes, you should. Using new-age technologies and tools, cybercriminals are able to revive the scareware business, in a way that is more sophisticated and more challenging to spot. Today, cybercriminals are rehashing this old scam, capitalising on the public discussion about cybersecurity following numerous data breaches and cyber incidents in previous months.
According to security services provider Avast, criminals have refined the fake antivirus scam with two significant changes: promoting and selling genuine AV software and abusing notifications on the Windows operating system (OS). Instead of pushing fake software, these scammers now promote well-known antivirus brands like Avira, AVG, Avast, Norton, McAfee, Kaspersky and others. The renewal process occurs on the actual antivirus company's website, adding a layer of credibility. By promoting legitimate antivirus products, cybercriminals can exploit affiliate programs to earn commissions on each sale.
Cybercriminals are also exploiting the Windows notification system to make their alerts look like genuine warnings from the OS. This tactic makes the scam much more convincing, pushing users to act quickly. I doubt if any Windows user would want to take a risk when the OS sends an alert about something. These scams prey on fear and urgency, often leading victims to download malicious software or reveal sensitive information.
According to David Jursa, malware researcher, and Luis Corrons, security evangelist, at Avast, the old fake AV scams, where cybercriminals made millions, demonstrated the effectiveness of exploiting fear and urgency. "Now, with the added layer of legitimacy provided by the illegitimate promotion of real antivirus products and the Windows notification system, these scams are more convincing than ever."
During the June quarter alone, Avast protected over 1mn (million) users from these attacks. "While the attacks are occurring worldwide, they are particularly active in North America, South America and Europe, with significant incidents also reported in countries like India or Japan."
Let us understand how fake AV scan scams work and then we will discuss some suggestions to protect you from becoming a victim of these frauds.
The fake antivirus scan scam typically begins when a user visits a website and receives a pop-up ad or even an email warning that their device is infected with viruses.
The message might look something like this:
"Your computer has been infected with [X number] of viruses!"
"Immediate action required: Scan your computer to remove threats now!"
"Your system performance is at risk! Click here to download the recommended antivirus software."
The alarming nature of these messages is designed to cause panic. Once you click on the link or pop-up, you will often be redirected to a fake website that mimics the interface of legitimate antivirus software. The scam continues as the site or software runs a fake 'scan' showing exaggerated or false results, claiming your system is compromised.
As a solution, you would be asked to download the (malicious and bogus) AV software or pay for a service you do not require. Sometimes, the website may even ask you to share personal and sensitive information, including financial details.
However, as with most frauds, here too there are some red flags that anyone can spot. The two most important are unsolicited pop-ups or emails from an AV company, and urgent, panic-inducing text in the message.
Remember, legitimate antivirus software does not usually send pop-ups out of the blue unless you have installed the AV on your system. Further, fraudsters often use fear tactics to force immediate action by the users. Genuine security software provides details and options but does not create panic or ask for immediate action from you.
You should also beware of unexpected redirects to other websites and unfamiliar names of the AV, mainly those sounding identical to real AV programs.
One of the most important red flags is the massive number of threats shown within seconds after the 'scan' urging you to take action.
Beyond infection warnings, scammers also use messages like 'Your Google account has been hacked' to instil fear and urgency.
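The text-based red flags above (urgent wording, an inflated threat count, a product name that resembles a real AV brand) can be checked mechanically when triaging a reported alert. The following is an added example, not part of the original article; the phrase list, the cutoff values and the sample alerts are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# AV brands named in this article; extend with the products you actually run.
KNOWN_AV = ["Avira", "AVG", "Avast", "Norton", "McAfee", "Kaspersky", "Bitdefender"]
# Assumed phrase list, modelled on the sample scam messages quoted above.
URGENCY = re.compile(
    r"immediate action|\bnow\b|at risk|click here|has been (infected|hacked)", re.I)
THREATS = re.compile(r"(\d[\d,]*)\s+(viruses|threats|infections)", re.I)
MAX_PLAUSIBLE_THREATS = 10   # assumed cutoff for a "massive" instant result

def lookalike_brand(text, cutoff=0.8):
    """Return (word, brand) for a word that resembles a known AV name
    without being that name, e.g. a digit swapped for a letter; else None."""
    exact = {b.lower() for b in KNOWN_AV}
    for word in re.findall(r"[A-Za-z][A-Za-z0-9]{2,}", text):
        if word.lower() in exact:
            continue                      # the genuine spelling is not a flag
        for brand in KNOWN_AV:
            if abs(len(word) - len(brand)) > 1:
                continue                  # avoids e.g. "Defender" ~ "Bitdefender"
            if SequenceMatcher(None, word.lower(), brand.lower()).ratio() >= cutoff:
                return word, brand
    return None

def red_flags(text):
    """List which of the article's text-based red flags an alert shows."""
    flags = []
    if URGENCY.search(text):
        flags.append("urgency")
    m = THREATS.search(text)
    if m and int(m.group(1).replace(",", "")) >= MAX_PLAUSIBLE_THREATS:
        flags.append("inflated-threat-count")
    if lookalike_brand(text):
        flags.append("lookalike-brand")
    return flags

# Constructed sample alerts, not captured from a real campaign.
SAMPLES = [
    "Your computer has been infected with 37 viruses! Immediate action required: scan now!",
    "N0rton Security: your system performance is at risk! Click here to renew.",
    "Avast: scan finished, 0 threats found.",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(red_flags(s) or ["no text-based red flags"], "<-", s)
```

A clean result is not a verdict: the campaigns Avast describes use genuine brand names, so where the alert came from still has to be checked.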
As with most cyber frauds, awareness should be your first line of defence. By taking a few practical steps, you can avoid falling victim to these scams.
1. Use Trusted Antivirus Software
Ensure that your device is protected with well-known, reputable antivirus software from trusted companies. Brands like Norton, McAfee, Bitdefender and Kaspersky offer legitimate services and ongoing protection. Always download antivirus software directly from the company's official website or a certified app store.
2. Enable Automatic Updates
Cybercriminals frequently exploit outdated software vulnerabilities. Keep your operating system, browsers and antivirus programs up to date by enabling automatic updates.
3. Avoid Clicking on Unsolicited Pop-ups
Never click on pop-up messages or ads that claim your device is infected. If you are concerned, close the browser and manually run a scan using your trusted AV software. Never trust alerts that appear while browsing unless they come directly from your installed software.
4. Be Cautious with Email Links and Attachments
Phishing emails often include fake warnings about malware infections, encouraging users to click on links or download attachments. Always double-check the sender's email address, avoid clicking links in unsolicited messages, and verify the legitimacy of any urgent warnings with the actual software provider.
5. Verify before Taking Action
If you see a virus warning on your screen, take a moment to verify its authenticity. Search for the alert message online and check if it is associated with known scams.
6. Use Pop-up Blockers
Most modern browsers allow you to block pop-ups, which can reduce the likelihood of encountering fake antivirus messages. Ensure that pop-up blockers are enabled, especially for untrustworthy websites.
7. Trust Your Instincts
If something feels off, it probably is. Legitimate companies rarely use alarmist tactics to get you to install software or pay for services. If a message or pop-up seems suspicious, trust your instincts and block it.
8. Use Multi-factor Authentication (MFA)
Enabling multi-factor authentication adds an extra layer of security to your online accounts. Even if a scam compromises your device, MFA makes it harder for attackers to access your accounts without the second authentication step.
If you have already downloaded some software based on the pop-up alert, or fallen for a fake antivirus scam, immediately take the steps below.
- Disconnect from the internet: This limits further damage by cutting off the malware's access to external servers.
- Run a full system scan with legitimate and trusted AV software: Use trusted antivirus software to detect and remove any malicious software.
- Change passwords: If you entered any sensitive information during the scam, change your passwords for all accounts, especially your email and financial accounts.
- Contact your bank or credit card issuer: If you provided financial information, inform your bank to block fraudulent transactions or issue a new card.
- Seek professional help: If you are not sure how to remove malware or assess the damage, consult a cybersecurity professional.
Fake antivirus scan scams are designed to exploit fear and urgency. By staying calm, recognising the signs, and taking preventive measures, you can safeguard your devices and personal information from these malicious tactics.
Always be cautious about unexpected pop-ups and download software only from trusted sources. In the digital world, a little vigilance goes a long way in protecting yourself from cyber threats.
Stay Alert, Stay Safe!