Helloooooo! Wellllcome baaaaaack…ahem…I mean, welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.

Today’s discussion (as we recover from Halloween) involves a term known as scareware, which is a type of social engineering. If we jump into the past for a moment, we had a few TomCasts on social engineering.

To jog the memory, the social engineering definition by the Cambridge dictionary is “attempts to trick people into giving secret or personal information, especially on the internet, and using it for harmful purposes”.

An attempt to trick someone isn’t always a pleasant type of trick. Scareware often involves tricking the victim into believing something is wrong and that software needs to be purchased to address the problem right away, or there could be drastic consequences. While that may not seem like secret or personal information, I believe the victim’s money is personal (and sometimes secret) information.

Typical scareware tactics involve messages that pop up on a computer stating the computer is infected with a virus and to “click here to purchase” an oftentimes useless piece of software.

Once the victim purchases the software, the mysterious message goes away, and the system appears to be fixed. The software that was purchased, however, does not perform any type of function that keeps the system secure. This can happen to any type of system: laptops, desktops, smartphones, tablets, anything that a person uses to access web-based resources.

The software that is touted to correct the problem is usually branded with authentic-looking colors, branding, or other information to make it look legitimate. Warnings may appear on the system from software that has never been installed stating a scan was performed and several infected files were found. Pop-up ads or pop-up warnings may become so annoying that purchasing the software may seem like the answer to the problem.

Threat actors, in a nutshell, are effectively trying to con the victim out of the price of the useless software. Let’s say the touted fix was $29.95, and the threat actor is attempting to scam a thousand people. That’s $29,950 they could make off of making victims worry.

Some threat actors up the ante a bit and try to con victims into believing they have been impacted by ransomware, and that the victims need to pay in order to unlock their own systems, etc. Fake ransomware doesn’t actually do any of the complex actions that real ransomware does, so the fake alerts will bypass all mechanisms meant to stop ransomware (since fakes are not real, there is nothing real to stop).

Ads that pop up threatening disclosure of various offensive activities are trying to garner that emotional response so the threat actor can get a quick payment.

Do not fall for these types of scams! Any message your computer seems to generate that heightens your emotional state and that requires immediate action should be carefully scrutinized before any action is taken whatsoever. Again, scareware plays on emotional reaction. If the alert comes across as dire enough, victims have been known to do whatever is necessary to ensure the system is protected or corrected from whatever the issue appears to be.

If you experience any of these types of scary alerts or things that make you very uncertain about what to do, reach out to a security professional (and when I say that, I do not mean call the number on the computer screen that is associated with the scary alert). Those contact numbers typically have either bots or people who work for the same threatening organization, and they will instruct you to remove anti-virus software, etc., in an effort to further compromise your system.

No, when I say contact a security professional, contact one you may know in person or even contact us here at GuardSight. We’re happy to assist!

We here at GuardSight thank you for taking the time to listen to this TomCast. Please share this if you believe it would be of assistance to anyone in your contact list, and please provide us some feedback in the comments so we can continue to improve. Thanks!