CyberEd #25 Scareware & initial response for a scareware scam

Scareware is a type of malware attack that pretends to detect a virus or other problem on a device and then advises users to download or buy malicious software to resolve the issue. Scareware is typically not an attack in and of itself, but rather a gateway to more sophisticated cyberattacks.

Scareware attacks often begin with pop-up advertisements that appear to originate from legitimate security software vendors or computer operating systems. Clicking on the scareware ad redirects the user to her infected website with additional instructions to fix the problem. Examples include installing new tools or programs, running computer scans, entering credentials for details, uploading credit card information to continue the recovery process, and so on. This often leads users to accidentally and unknowingly download malicious programs onto their devices, such as Malware, Ransomware, Spyware, Viruses, or Trojan Horses.

Scareware attacks can also be delivered via email. In this type of attack, cybercriminals send high-priority or urgent emails urging users to take immediate action, usually disguised as fake antivirus software. Users download and install infected files, malicious code, or malicious programs, frequently by clicking links in emails ostensibly offering ways to fix threats or scan systems.