
Scams, fraud, and malware are in a constant arms race against security researchers, IT teams, and individuals. Can email clients block new email addresses faster than scammers can make them? Can researchers analyze new vulnerabilities sooner than threat actors can exploit them?
Threats like ransomware and phishing are the most discussed parts of this battle, but they aren’t the only subjects, and the smaller ones can be just as dangerous. A particularly interesting example of a smaller threat is so-called scareware.
Scareware
If you’ve been on the internet long enough, you’ve seen a scareware popup: “WARNING! Microsoft has detected that your computer is being used for cybercrime! Call 555-555-1234 immediately to scan your computer before we report you to the FBI.” They aren’t usually particularly convincing, but they don’t need to be. Their goal is to look vaguely passable while turning the stress up to the max.
What makes scareware an interesting threat is what it uses that stress for. Most scams try to panic users so that they overlook obvious gaps. Scareware wants this too, but it also wants users panicked enough that they recognize a threat that needs reporting yet forget the correct process for reporting it. The hope is that, in their panic, they’ll take the path of least resistance: calling the number and giving the scammer access.
Countering Scareware
Like any other human-focused threat, the only real counter is awareness. Remind users that legitimate security alerts are meant to inform, not to scare. Make sure they know that they won’t be punished simply for reporting a security concern. Consider showing them what common threats and scams look like compared to their real counterparts.
You can also teach them more general warning signs that apply across multiple scams. For example, remote access is a common end goal in scams of several kinds. Remind users how your organization handles remote support, and that they should reject requests outside that framework.
Good website blocking supplements this, of course, but these sites often appear quickly and are replaced as soon as engines start picking them up. If all else fails, good endpoint management can mitigate the worst of it by blocking administrator access or software installation without approval.
Let’s chat
Let us know what kinds of scareware your company is running into! We have a team at the ready to bring clarity and support.