Scareware: Fake tech support scams

Scareware is a tool used to trick users into downloading malicious software, visiting a malicious website, or (in a lot of cases) triggering a tech support scam in hopes users will call a fake tech support company.  Scareware can range from a fake error message resembling one you see from your operating system to a full screen pop-up.  These messages state things such as your computer is infected with a virus, your credit card data has been stolen, or that you will not be able to access, or are blocked from, the internet until you call the number listed.  They are very convincing, but in the end they are all lies. 

The fake "Microsoft calls", in which a caller phones to say they have detected a virus on your computer, have been transformed into scareware pop-up messages.  These pop-up messages claim a variety of things, such as:

  • Your computer has been infected with a trojan horse, a virus (they may list the name of a virus), etc. 
  • Suspicious activity has been detected on your device (computer, tablet, phone, etc.)
  • Your computer or files will be deleted
  • Your computer has been blocked or locked from accessing the internet
  • Your credit card and/or personal data has been stolen

You can trigger or stumble onto one of these messages in a variety of ways.  You may navigate to a website that has a malicious advertisement, click on an advertisement that redirects you to a malicious website, accidentally type a website address incorrectly, or otherwise navigate to a malicious website.  Basically, you can stumble onto one of these even if you were being careful.

If you run into one of these scareware messages, I would save your work in other applications (e.g. Microsoft Word, Microsoft Outlook, etc.), if possible, and reboot your computer.  Clicking "Cancel", the x in the top right corner, etc. could actually result in something being installed in the background, which is why I recommend rebooting/restarting your computer instead.  There is a possibility you may trigger the message again if it was related to a website you were visiting, but the message should go away.  If it persists, I would contact your normal IT person to have them investigate further or run a malware scan on your device for viruses, adware, etc.  Under no circumstances should you call the number listed or click on any links in the scareware message.  Your trusted IT person would be a wiser choice.

The most important recommendation is to NEVER let anyone you aren't familiar with remote into your computer.  They will have access to anything and everything on your computer, including stored passwords, private information, etc.  The scammers are very good at misleading people into believing they already have access to your device, but unless you have clicked on a link, navigated to a website and entered a code, etc., it's highly unlikely they have access.  Even if you think they may already have access or be in your device, do NOT let them remote in.

If they gain remote access to your device, they will have access to anything and everything stored on the device, including files, passwords, etc., regardless of how long they had access.  It only takes a matter of seconds to install a backdoor or malicious program and/or steal data.

If you have fallen victim to this scam, you should consider your device compromised and should consider following the steps outlined in my blog post concerning lost, stolen and/or compromised devices.

Here are several examples of the various scareware pop-up messages currently making their way around the internet.  In some cases, an internet search on the phone numbers will turn up references to scams or malicious behavior, or show that the numbers go to totally unrelated businesses or people.