Many of us have either encountered scareware firsthand or known someone who has. Scareware encompasses a wide range of malicious software disguised to look like legitimate programs, such as antivirus or other tools designed to keep our computers safe. These programs are also known as “Rogue Security Software”. Instead of protecting your computer, these programs trick the user into believing their computer system is infected with a large number of critical issues. These supposed issues range from viruses to catastrophic operating system (OS) problems which, if left unfixed, will have a devastating impact on the user’s system. Scareware then tells the user it can fix these issues if the full version of the scareware program is purchased. Once a user purchases the program, the critical issues identified by the scareware program are resolved. Scareware typically targets Microsoft Windows, since a majority of consumers use it; however, don’t be fooled: scareware exists for Mac as well as Linux distributions.
Scareware can have a catastrophic effect on a user’s computer. Scareware tricks the user not only by displaying fake critical issues but usually also by rendering the computer inoperable. Along with making a computer system go crazy, scareware more often than not also has the potential to install malicious code onto the computer. This malicious code paves a path for cybercriminals to conduct additional attacks. These attacks include, but are not limited to, data exfiltration, sabotage or any number of other cyber-attacks.
Scareware infiltrates your system when a user installs it under the pretext that it is legitimate software, or through drive-by downloads (DbD). DbD is beyond the scope of this article, but in short it is nothing more than the unintended download of software originating from the Internet. This can happen by going to a website and installing a Java or ActiveX component, or by simply viewing an email message.
Protecting yourself against scareware is easy and can be done by following these simple guidelines:
1. Ensure that you have a firewall installed and that it is turned on. Many operating systems, such as Windows, come with a built-in firewall.
2. Ensure that you have your operating system set for automatic updates. This will ensure your system is patched against the latest security threats.
3. Make sure you install a reputable antivirus program such as Norton, McAfee, Trend Micro, etc. If you are a DoD employee, the U.S. Gov’t provides a free antivirus program for home use. Check with your local installation Information Assurance Manager (IAM) for more information.
4. Make sure you install a reputable antispyware program such as Malwarebytes or Webroot. Windows also comes with Windows Defender preinstalled.
5. Familiarize yourself with the latest phishing scams by checking out the FBI’s E-Scams and Warnings site (www.fbi.gov/scams-safety/e-scams).
6. Be extremely cautious when going to unknown websites or when opening up emails from unknown senders.
7. Never use an Administrator account. Rather, set yourself up with a standard user account and make sure you have User Account Control (UAC) enabled in Windows.
This information is based on my own training and experience.
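The Windows items in the checklist above (guidelines 1, 2, 4 and 7) can be verified with a short read-only PowerShell audit. This is an added example, not part of the original article; it assumes Windows 10 or 11 with the built-in NetSecurity, Defender and LocalAccounts modules, checks only direct membership of the local Administrators group, and will report the Defender check as False when a third-party product has taken over protection.

```powershell
# Added example: read-only audit of the Windows items in the checklist.
# Nothing is changed on the system; each check only reads current state.
$results = [ordered]@{}

# Guideline 1: every firewall profile (Domain, Private, Public) should be on.
$off = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
$results['Firewall enabled on all profiles'] = ($off.Count -eq 0)

# Guideline 2: automatic updates must not be switched off by policy
# (NoAutoUpdate = 1) and the Windows Update service must not be disabled.
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
$wu = Get-Service -Name wuauserv
$results['Automatic updates not disabled'] =
    ($au.NoAutoUpdate -ne 1) -and ($wu.StartType -ne 'Disabled')

# Guideline 4: Windows Defender antispyware and real-time protection.
try   { $mp = Get-MpComputerStatus -ErrorAction Stop }
catch { $mp = $null }   # Defender module unavailable or service stopped
$results['Defender real-time protection on'] =
    [bool]($mp.AntispywareEnabled -and $mp.RealTimeProtectionEnabled)

# Guideline 7a: User Account Control is enabled when EnableLUA = 1.
$sysKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $sysKey -ErrorAction SilentlyContinue
$results['UAC enabled'] = ($uac.EnableLUA -eq 1)

# Guideline 7b: the logged-on account should be a standard user, i.e. not
# listed in the built-in Administrators group (well-known SID S-1-5-32-544).
# Membership inherited through a nested or domain group is not detected.
$me = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
$adminSids = @($admins | ForEach-Object { $_.SID.Value })
$results['Current account is a standard user'] = ($adminSids -notcontains $me)

# Print one row per check; Pass = False means the guideline is not met.
$results.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Pass = $_.Value }
} | Format-Table -AutoSize
```

Run it from a normal, non-elevated PowerShell window under the account you use every day, so the last check reflects that account.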