What is scareware? Scareware is a social engineering scam that exploits people’s fear of losing access to their devices and data. This rogue program has been wreaking havoc for decades, most likely back to the 1990s, and can be installed on a user’s device via malware.

Appearing on a user’s screen via a pop-up message, scareware works because it instils panic by warning the user they are infected with a virus and invites the user to purchase fake antivirus software to alleviate the condition.

Often, scareware appears as bogus web browser pop-ups that look like operating system messages. This article defines scareware, explains how it works and provides tips for preventing it from infecting your devices.

What Is Scareware?

Scareware is malicious software that arrives as pop-ups and intends to trick users into visiting a malware-infested website. These pop-up messages appear to be legitimate warnings from antivirus software, claiming your device is infected and requires attention.

These pop-up messages are often so convincing that non-tech-savvy users are frightened enough to pay a fee to purchase software that will fix the alleged problem (where their credit card information is then stolen).

Of course, what they download is more malware disguised as antivirus software. The malware infects the computer and steals the victim’s data or encrypts it using a ransomware attack.

How Scareware Infects Your Device

How Scareware Infects Your Device

Like most types of malware, scareware usually infects a device after an unsuspecting user has either visited a deceptive website, clicked a bogus online ad, or opened a malicious email attachment. Once infected, the scareware will get to work by displaying unwanted desktop ads, bogus system error messages, and fake antivirus alerts.

Cybercriminals use several other tactics, such as sending spam mail to distribute scareware. Once the user opens the email, they are tricked into buying fake services using a credit card. Scammers steal and release your credit card information, which opens the door to identity theft.

Depending on its programming, scareware usually tricks users into handing over their credit card details, but it can also steal the personal data on the target device. It may infect other applications on your computer, such as email, where it can send more malware to your email contacts.

How Does Scareware Work?

Scareware typically follows a pattern. Pop-ups warn the user that virus-infected files or pornography have been found on their computer. The pop-ups continue with these warnings until the user clicks on a button that “removes” the threats or asks you to register for antivirus software. Pop-up scams are designed to look like genuine antivirus warning messages.

Pop-ups are the focal point of scareware attacks, often presenting themselves as an antivirus program alerting you of a supposed security issue on your device, mobile phones included.

The objective is to nudge the user into clicking a link to download a “solution” to the problem. In reality, the link in question is malicious; instead of antivirus software, it’s loaded with a malware program.

Often, the user is asked to purchase the fix for a small fee to download the solution; at this point, they also have their credit card credentials stolen by cybercriminals gangs.

Because these scareware pop-ups use social engineering tactics, they often mimic the logos and names of legitimate antivirus programs. Sometimes, they present the user with screenshots of “infected” files on their device.

Then, the user sees a progress bar showing how their computer is being scanned. Or the user sees flashing red images with text in all caps and exclamation points urging them to act.

All these tactics are designed to incite fear and panic so the user will make the irrational decision to do one of the following:

  • Buy worthless software
  • Download more malicious software
  • Visit websites that download and install malicious software

Is Scareware the Same as Ransomware?

Is Scareware the Same as Ransomware?

Scareware and ransomware are both forms of malware. As discussed, scareware is malware that frightens users into believing their devices have been infected with a virus. It then encourages them to download a program to fix it.

Ransomware, on the other hand, is malware that encrypts data files on a device so they are not accessible to the user. Once the user downloads the ransomware payload, it takes over their system quickly. The attacker demands ransom payment from the victim, promising to unlock the device or data once the ransom is paid.

Malvertising vs Scareware

Malvertising vs Scareware

Malvertising is the use of online advertising designed to spread malware. Most often, malicious malware is injected into legitimate ads that appear on online advertising web pages and networks. Online advertisements are a solid platform for malware to attract unsuspecting users.

Because advertising content can be inserted into reputable, high-profile websites, cybercriminals can deploy attacks towards users who might not otherwise see the malicious ads due to firewalls and other safety precautions. Thus, malvertising can be easily spread across many legitimate websites without compromising those websites.

Scareware, however, pops up on the user’s device or web browser, and it does not live in external advertisements, servers, or websites. Rather than mimic legitimate advertising, scareware pop-ups deliver alarming warning messages that make users think they must take action to protect their devices or phones.

7 Ways To Prevent Scareware

7 Ways To Prevent Scareware

Scareware can appear on any device that connects to the internet, not just desktops, and it can also appear on iOS and Android devices.

Thus, it’s essential to stay alert and practice proper cyber hygiene. Here are some practical steps to stay ahead of the shareware scammers.

1. Avoid Clicking Scareware Notifications

If a screen pop-up, banner, or window error message warns you that your computer is infected with a virus and asks you to click a button or link to download software to fix the problem, it’s likely a scam. As alarming as it seems, do not click on the pop-up without getting expert advice.

2. Beware Of Accidental Downloads

Rather than clicking the Close or “X” buttons on a scareware pop-up, close the entire browser as clicking on any part of a scareware message could trigger a download.

Use Ctrl + Alt + Delete on a Windows machine to open the Task Manager. Next, find the program in the Applications tab and click ‘End Task’.

3. Keep Your Browser Updated

3. Keep Your Browser Updated

Keeping your browser up to date with the latest version release is one method to protect against scareware pop-ups and fake virus scams that infect your browser via a malicious plugin.

Browser updates often contain critical security patches designed to keep you safe online. Also, enabling automatic updates ensures you always have the latest browser version.

4. Enable Popup Blockers

Enabling pop-up blockers helps you avoid pop-ups altogether. Popup blockers prevent your screen from filling with fake alerts and advertisements for bogus security programs.

5. Verify New Software Before You Buy

You should never download anything from a company whose name you don’t recognise, nor should you provide credit card information. You can always Google a company to determine whether they are legitimate. Of course, if you have any doubts, do not purchase from a suspicious-looking company or dodgy software download website offering unusually cheap or free software.

6. Use Next-Generation Antivirus Software (NGAV).

The best defence against scareware is to use up-to-date next-generation antivirus (NGAV) protection from a trusted provider. Doing so alerts you to potential threats and quarantines and removes malware on your device.

7. Use All Available Cybersecurity Tools.

Additional cybersecurity tools include ad blockers, firewalls, and URL filters that can cut scareware off at the source and keep fake malware warning pop-ups from reaching the user’s screen.



Scareware is aptly named because the pop-ups are designed to strike fear into users whilst appearing legitimate. Users naturally wish to protect their data and often react impulsively by purchasing the antivirus program suggested in the pop-up. They are taken to a website that mimics a legitimate antivirus company website.

Vigilance against scareware includes resisting the urge to react to suspicious pop-ups. Even then, the best course of action is to close the browser altogether rather than click any part of the pop-up. Preventing scareware includes keeping your browser and antivirus up to date and enabling your browser’s pop-up blockers.

And finally, to finish with a bit of scareware history, in the early 1990s, programmer Patrick Evans designed and deployed a program called NightMare, which featured an alarming image of a bloody skull. It even had audio, which was a human shriek. This little program set a precedent for future attacks that cost users and law enforcement millions.

Get In Touch

From SD-WAN, anti-malware, anti-phishing and 2FA to SASE and cloud-based air-gap immutable backup storage, Securus has a security solution to suit your requirement and budget. 

If you would like to discuss your network security requirements in more detail with one of our cybersecurity or networking professionals, please don’t hesitate to get in touch.

Further Technology Articles


Cybersecurity in education – the latest trends

Many education institutions are now using digital tools to put educational materials online, track student progress, share research and manage operations. However, by hosting a wealth of data online, it makes them increasingly vulnerable to cyberattacks. Education is among the…


Seven Use Cases where Low Latency is Key

With the ongoing demand for real-time business-critical applications like voice, video and the metaverse, the demand on network performance has intensified. Low latency is critical to all size of organisations because it directly influences the responsiveness and performance of systems,…