Online Scams

What is scareware? And how to spot online scareware scams

Has this ever happened to you? You’re browsing online when a pop-up ad appears on your screen warning that your computer is infected with dozens of viruses. The ad says that you can remove them by buying antivirus software that will immediately eliminate them.

If you’ve seen this, you’ve been hit with a scareware attack. Scareware is a scam in which cybercriminals attempt to gain access to your credit card information, and often your computer itself, by tricking you into buying fake antivirus software. The prices they charge for these fake antivirus programs vary, but you might be asked to shell out $29, $50, or even $100.

If you fall for this trick and install the program on your computer, not only will you have given up your credit card information to a scammer, you’ll also have installed malware on your computer. The scammers can use this malware to access your files, send out fake emails in your name, or track your online activity.

Fortunately, you can avoid scareware by keeping your computer’s programs updated, installing real antivirus software, and relying on a bit of common sense.

What are the scareware warning signs?

The first step to protecting yourself is to recognize the warning signs of scareware.

The pop-up ad is especially dire

The makers of scareware want to frighten you so that you’re more likely to purchase their fake product. That’s why the text of these pop-up ads usually contains dire warnings that your computer is infected with hundreds of viruses, or that these viruses will immediately cause your computer to crash. The more menacing the claims are, the more likely you are dealing with scareware.

The ads warn you to act fast

Speed is important to scareware scammers, too. The people behind these attacks want you to purchase and install their malware quickly, before you have a chance to think about it. If a pop-up demands that you act immediately, it’s probably scareware.

The pop-ups are exceptionally hard to close

Scammers want their scareware pop-ups to remain on your computer screen as long as possible. If it’s difficult to close the pop-up ads, or if clicking on the “X” button to close them instead brings up more warnings, you’re likely dealing with scareware.

You’ve never heard of the software company

If the name of the antivirus software being hawked is one you don’t recognize, that’s another likely sign that you are being scammed. Some known names of fake security software — often referred to as rogue security software — include Advanced Cleaner, SpyWiper, System Defender, and UltimateCleaner.

They’ll immediately “scan” your computer for viruses

To make their warnings seem even scarier, many of these scareware pop-ups will seemingly start scanning your computer for viruses, displaying a list of the dozens or hundreds of viruses they claim to be uncovering. However, scareware programs aren’t really scanning your computer. The results they’re showing are fake.

Why do fraudsters use scareware?

There’s a reason why scammers turn to scareware so often: it’s an effective way for them to steal your credit card information, trick you out of your money, and gain access to your computer.

If you click on the button to download a rogue security program, you’ll often be taken to a payment screen where you can enter your credit card information. Not only will you be charged for a security program that doesn’t work, you’ll have provided your financial information to a scammer.

You might later start receiving messages from the same rogue security software asking you to upgrade to a more expensive version. Again, the scam here is to trick you into paying for something you don’t need.

Other forms of scareware might disable any existing antivirus program on your computer or install malware or spyware on your machine. Once this happens, the scammers might gain access to your computer’s saved files, take over operation of your computer, track your surfing, or steal even more of your personal and financial information.

The installed software might also slow down your computer, prevent you from installing legitimate security software, and fill your screen with annoying pop-up ads.

What should you do about scareware?

What if an ad pops up on your screen with dire warnings that your computer is infected? Never click on its "download" button.

Always close the ad. Just be careful: Some scareware is difficult to close and is designed to trick you into accidentally starting a download. It’s best to close your browser rather than the individual pop-up ad. If the pop-up ad won’t let you close the browser on your PC, try Ctrl-Alt-Delete to shut things down (if you’re a Mac user, try Command-Option-Esc to open the Force Quit applications window). If you can’t close your browser, do a hard shutdown of your computer.

Never provide credit card information or other personal information in response to one of these scareware ads.

Don’t let a scareware ad frighten you away from purchasing legitimate security software, such as the products offered by Norton.

Never download anything from a company whose name you don’t recognize. And be careful of fakes. Many scareware scammers will use names that sound like the names of legitimate antivirus programs.

4 ways to avoid scareware on the internet

Here’s how you can help keep scareware at bay.

1. Keep your browser updated

Updates can be annoying, but don’t ignore them. By quickly approving updates to your browser, you’ll give yourself the most protection from scareware pop-ups. It’s best to use automatic updating to keep your browser and computer programs constantly updated.

2. Keep pop-up blockers turned on

If you can prevent pop-ups, your screen won’t get filled with advertisements for fake security programs.

3. Install a legitimate antivirus program on your devices

You need to protect your devices with a legitimate antivirus program from a company you recognize. And when that company releases an update, make sure to install it quickly. Updated antivirus software is your best protection from scareware.

4. If a pop-up does show up, resist the urge to click

Never click on any links or “download” buttons on pop-ups. If you are legitimately worried that your computer is infected, do a Google search on the company behind the pop-up you’ve received. You’ll quickly discover whether that company is offering rogue security software. If you want to boost your protection, speak with a representative at a legitimate, well-known antivirus provider.

Together we’ll help protect your digital life

Now that Norton has joined forces with LifeLock, we offer a comprehensive digital safety solution that helps protect your devices, connections, home network — and, now, your identity.


Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.