Don’t panic and other tips for staying safe from scareware
For both individuals and enterprises, fear is quite a reasonable reaction to the discovery of a compromise. Malware on a computer can in fact do serious damage. However, that fear is itself an attack vector for certain threat actors, who exploit it through the technique known as scareware. Scareware is a social engineering method that gets around the need for complex malware as an initial infection vector. Instead, it uses the threat of malware to convince a user that they have already been compromised and to persuade them to download an attacker-provided antivirus tool that is itself malware.
Scareware usually comes from one of a few vectors, most of which are rather impersonal. The simplest vector is pop-up ads. These can be effective, especially when crafted to masquerade as existing antivirus software. Phishing emails and social media messages can work on the same principle. Perhaps the most dangerous form, and the most involved, is the tech support scam. Occasionally, users are called directly by a threat actor purporting to be a tech support representative, who claims that the user’s device is infected with some malware and asks the user to download remote access software so that the caller can allegedly fix the problem. The threat actor then uses this access to exfiltrate personal data and install malware on the target device.
Scareware, like many forms of social engineering, depends on people’s ignorance to be successful. To resist it, the most important thing is to be aware that it exists, and to take note of the signs that show someone is trying to deceive you. Since scareware depends on creating a sense of urgency, anything that demands you act immediately should be considered suspect. Before installing any antivirus software, verify that it comes from a known and trusted source.