Scareware. Just the name itself is rather foreboding. This deceptive phishing tactic goes by several names and is also known as rogue scanner software or fraudware. It’s a multimillion-dollar annual criminal enterprise fueled by a form of phishing attack that leverages the anxiety and fear of unaware targets. The attacker’s goal is to get their victim to do something that will ultimately compromise their credentials, data, or other personal information that can be used against them. Typically, scareware starts with a pop-up that displays a “scary” message prompting user action that will ultimately infect their device. Below are three examples of scareware that we detected:
Typically, the threat of a computer virus prompts users to click links which will download malware and infect a user’s device. At this point, it’s possible that credit card data can be captured, credentials stolen, or a device or computer compromised. In some instances, clicking the link to fix a fake virus may uninstall legitimate antivirus software, leaving a computer, mobile device, or network vulnerable to attack.
In its early days, scareware targeted PCs running the Windows operating system, eventually branching out to Macs. But with the proliferation of Apple iPhones, iPads, and the growth of Android usage, cyber criminals are now using scareware on mobile devices. Below is an example of an iPhone scareware threat we detected:
Beyond the common “virus alert” phishing attack, scareware attacks can take additional forms as well, including:
- Banking scareware attacks. Finances and banking are at the top of the list in terms of importance for most people’s sanity. Mess with our accounts and the heart rate goes up and panic sets in. You can imagine the need to take immediate action should this alert flash on your screen:
- IRS Spoofs. The IRS means business, so when we think they need to speak to us with regard to some tax problem, most of us don’t hesitate. Preying on this fear using scareware can be problematic for security teams.
- Technical Support Scams. A variation of the “virus alert” phishing scam, this form of scareware uses social engineering to convince users they need fake tech support services. Hackers start by injecting obfuscated malicious JavaScript code into compromised websites. These compromised websites then redirect visitors to dangerous Tech Support Scam sites.
The methods used to compromise the site make it difficult for experts to identify the JavaScript injection hack because its tracks are hidden with several layers of JavaScript obfuscation. Our researchers found a number of compromised websites with this hack, such as acenespargc[.]com. This website redirects its visitors to a Tech Support scam page. The page plays loud audio (using text to speech) saying your computer is infected with a virus and that you need to call their technical support immediately to have the virus removed. It also tells users not to turn off their computers, or the important information stored on them (e.g. financial data, credentials, photos, etc.) can be stolen.
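For site owners triaging their own pages, the layered obfuscation described above can be peeled statically, without running the script. The sketch below is an added example, not code from the original article or from SlashNext; its three decoding rules, the sample pages and the `example.invalid` URL are constructed assumptions rather than details of the compromise the researchers found.

```javascript
// Added example: static triage of inline scripts; nothing here executes page code.
// The three decoding rules are assumed, commonly seen wrappers, not the specific
// obfuscation used in the compromise described above.
const RULES = [
  // eval("...") around a plain string literal: expose the literal's contents
  [/eval\(\s*("(?:[^"\\]|\\.)*")\s*\)/g,
    (m, lit) => { try { return JSON.parse(lit); } catch { return m; } }],
  // String.fromCharCode(104,105) -> "hi"
  [/String\.fromCharCode\(([\d\s,]+)\)/g,
    (m, nums) => JSON.stringify(String.fromCharCode(...nums.split(',').map(Number)))],
  // unescape('%68%69') -> "hi"
  [/(?:unescape|decodeURIComponent)\(\s*(['"])((?:%[0-9a-fA-F]{2})+)\1\s*\)/g,
    (m, q, enc) => JSON.stringify(
      enc.replace(/%(..)/g, (_, h) => String.fromCharCode(parseInt(h, 16))))],
];
const REDIRECT = /\b(?:window\.|top\.|document\.)?location(?:\.href)?\s*=(?!=)|location\.(?:replace|assign)\s*\(/;

// Apply the first rule that changes the text; one call removes one wrapper.
function peelOnce(src) {
  for (const [re, fn] of RULES) {
    const out = src.replace(re, fn);
    if (out !== src) return out;
  }
  return src;
}

// Peel until stable, then report redirects that were invisible in the raw source.
function triageScript(src, maxSteps = 20) {
  let cur = src, steps = 0;
  for (let next; steps < maxSteps && (next = peelOnce(cur)) !== cur; steps++) cur = next;
  return { steps, decoded: cur, hiddenRedirect: REDIRECT.test(cur) && !REDIRECT.test(src) };
}

function scanPage(html) {
  const scripts = [...html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)];
  return scripts.map(m => triageScript(m[1])).filter(r => r.hiddenRedirect);
}

// Constructed test input: a harmless redirect wrapped in two encodings.
const pct = s => [...s].map(c => '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
const INNER = 'window.location="https://example.invalid/landing"';
const layer1 = `eval(unescape('${pct(INNER)}'))`;
const layer2 = `eval(String.fromCharCode(${[...layer1].map(c => c.charCodeAt(0))}))`;
const INFECTED = `<html><p>Shop</p><script>${layer2}</script></html>`;
const CLEAN = `<html><script>var u = unescape('%68%69'); if (!u) location.href = "/login";</script></html>`;

console.log(scanPage(INFECTED).map(r => [r.steps, r.decoded]), scanPage(CLEAN).length);
```

A script is reported only when a redirect appears after decoding that was not visible in the raw source, so the plainly written `/login` redirect and the lone `unescape` call in the clean page are not flagged.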
An effective way to stop these types of scareware phishing threats is to use zero-hour, real-time phishing threat intelligence. Unlike other anti-phishing technologies and threat feeds, our Real-Time Phishing Threat Intelligence covers all six major categories of phishing and social engineering threats: credential-stealing, phishing exploits, social engineering scams, rogue software, phishing callbacks, and scareware.
See what scareware phishing threats and social engineering attacks your organization is missing. Try SlashNext Real-Time Phishing Threat Intelligence free for 15 days.