Fight the fright of scareware
Unlike your typical malware, spyware or ransomware, scareware takes the form of genuine security protection. It frightens you into paying to clean up the infections it pretends to detect.
Fear is one of the greatest motivators. This is especially true in a world of disrupted workforces and rapidly evolving threats. With so much being developed that we’re unaware of, it’s easy to be tricked into believing a ‘threat’, without even verifying whether it’s an actual threat. This is the terrifying crux of scareware.
Full screen, full fear, full threat-in-disguise
Imagine a giant pop-up taking over your screen, warning you of a dangerous infection which will damage your critical information unless you do something to stop it right now. Thankfully, right beneath this ‘scary’ message is the perfect solution: a fee to unlock the only threat cleansing software that can eliminate this threat.
This is a common, and often experienced, form of scareware. The inherent problem with it is that the very software masquerading as malware removal for your machine, is actually the very software that infects your critical systems by installing malware.
This is just one example of a range of cyber threats you need to make sure your business and employees are constantly up-to-date with. Download our free ebook, ‘Cybersecurity: Smart threats need a smarter defence’, which helps you understand these threats and how to better safeguard against them.
A threat that’s tough to distinguish
Many scareware programmes are known to replicate the interface and design of other well-known malware protection programmes, making it even harder to distinguish between genuine solutions and those that pretend to be. Often, these programmes even carry the same or similar names as reputable providers. Gone is the era of being able to see through these threats via bad grammar and typos, which makes it all the more essential to stop and really consider what’s being served to you.
If attackers are upskilling and scaling their means, so should you when it comes to realising what a scareware attack is and how to avoid it.
Have no fear: you can fight the fright of scareware
1. Don’t pay the price — otherwise you will pay the price
Attackers are often well funded and well resourced. Many forms of scareware removal software are ‘free’, but a large portion come at a price. By simply ignoring the threat and refusing to pay, no matter how convincing the message, businesses and would-be victims can cut off the very resources these attackers rely on to deploy threats.
No matter how quickly pop-ups appear on your screen, shut down your browser, email or whatever programme spawned the message immediately, and contact IT or technical support.
2. Don’t blink. Don’t believe the threat.
A tactic often used in this type of attack is a big window takeover, with a scary warning from authorities that you’ve transgressed specific privacy and protection laws and, as a result, are now a person of interest for having viewed illegal content. It often demands payment of a spot fine and is a message that can be incredibly difficult to close.
In spite of the unnerving message, don’t believe it. Even if the window shows some private IP and location information, do not be spooked. Attackers will often abuse native data available on any web page to relay this sort of information. Simply call the attackers’ bluff and force quit your programmes using your task manager.
3. Backup is always a frightfully good idea
While scareware may come in many forms, it’s really difficult to decipher between genuine system errors and a piece of well-designed malware. Any business, of any size, can fall victim to it. The question is, how do you equip yourself to prevent what feels like the inevitable? With scarily good online backup from a premium and highly-available online provider.
By knowing that, at all times, all critical data is safe and secure in the cloud, any threat — even the kind that uses scare tactics to deploy malware — can easily be overcome, making it hassle-free to neutralise and seamless to restore.
Don’t fear scareware
As more businesses become comfortable with remote work, and as more employees work from private and public spaces, threat-driven traffic is becoming a daily reality. A large contributor to this kind of traffic is scareware. By relying on opportunity and fear, attackers hope to scare potential targets into opting into solutions that are just a means to further infect and compromise. When faced with this scary reality, all businesses and employees need to be confident in the tools they use, the nature of their traffic and connectivity. No matter the message, don’t be fooled by fear when it comes to scareware.
