What Is Scareware? How It Works and How To Stop It

Scareware is a method to trick users into downloading malicious software to their devices using scare tactics and ads.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

Scareware is a type of malware that uses third-party advertising and social engineering tactics to manipulate users into downloading malware or useless software. It primarily scares users into doing certain actions, like handing over sensitive data or downloading software they think will help with the situation.

Keep reading to learn how these attacks work, how to remove scareware with reliable antivirus software, and how to prevent it from infecting your devices.

In this article
How does scareware work?
Scareware red flags
How to remove scareware
Safety tips
FAQs
Bottom line

How does scareware work?

Scareware usually begins with users receiving a notification (normally a pop-up ad) warning them of a cyberthreat, like dangerous files on their computer. It will ask them to download security software to remove the threat. Scareware may also continually pop up until users agree to download the software or register for it. 

The software poses as a legitimate antivirus program when it's actually a form of malware.

Phishing emails are another way to spread scareware. Hackers will send you an email using a spoofed email address (an address that looks similar to a real company's) with a warning that your device is infected and that you should download antivirus software. Alternatively, the email may ask you for sensitive information so tech support can resolve the issue.

A key trait of scareware is its dependence on social engineering. It's a strategy to psychologically manipulate users into doing certain actions. Scareware plays heavily on a person's panic about having infected files on their device. Since many people will go the extra mile to block or remove computer threats, they may easily be tricked into downloading malware.

Scareware also utilizes social engineering by posing as trusted sources. Scareware pop-up notifications are usually designed to look like they came from a professional source. They may use similar logos or names to trusted antivirus software.

Examples of scareware

Scareware attacks often look like they are authentic or they may actually be advertising tactics by legitimate companies. Let's take a look at two recent examples.

Office Depot and its vendor, Support.com, agreed to pay the Federal Trade Commission $35 million as a settlement for a tech support scam.[1] The companies were accused of deceiving customers to download a free "PC Health Check Program," which would begin aggressively selling diagnostic and repair services customers didn't need.

Apps are also used to spread scareware. An app called AntiVirus for Android was removed from Google Play after it was reported to send fake virus detection results to users. The app would then charge a premium service to "remove" the viruses it supposedly detected. The app was downloaded and installed between 1 million and 5 million times before the scareware was noticed.

Some well-known scareware programs you should be aware of include:

  • Antivirus360
  • DriveCleaner
  • ErrorSafe
  • Mac Defender
  • PC Protector
  • SpySheriff
  • WinAntivirus
  • WinFixer
  • XPAntivirus/AntivirusXP

Scareware scam red flags

Noticing the signs of a scareware attack can stop you from accidentally downloading malicious software. While you may initially panic when you receive a notification stating that you have a computer virus, you should try to stay calm and authenticate the alert. 

Here are some signs the notification isn't legitimate:

  • The logos, names, or email addresses are close to an authentic company but are not accurate.
  • It comes from a company you don’t recognize at all.
  • It’s written with extreme urgency, saying you have hundreds of viruses on your device.
  • There are capital letters, incorrect grammar, or several exclamation points.
  • It asks you to immediately download software to fix the issue.
  • The pop-up won't close or keeps reappearing right after closing it.
  • It immediately "scans" your device and shows you a progress bar.
  • The pop-up appears in your browser.

By recognizing the signs of scareware, you can be more prepared to avoid downloading malware.

Red flags indicating a scareware attack has happened

You might be wondering whether you've fallen victim to a scareware attack and if there is malicious software downloaded on your device. Here are some red flags that a scareware attack successfully happened:

  • Numerous notifications: Consistent alerts that your device has a virus or is part of a security breach are usually signs of a fake notification, especially if they are designed to create feelings of panic.
  • Lower performance: Malware often causes your device to slow down or crash entirely. If this is persistent, then you may have installed malware.
  • Random programs and features appearing: You may notice new apps or programs installed on your device. If you didn't add these, then it could be a sign your device has been compromised.
  • Can't access files: You may have difficulty accessing files on your device or have received error messages. The malware may even block you from going to authentic antivirus websites.
  • Recently clicked on an ad: Scareware malvertising will appear as a third-party ad on a website and warn you that you have a virus on your computer. If you clicked on it and downloaded the software, it may have been malware.
  • Settings have been altered: You may notice changes you didn't authorize. Maybe your device is using a new default browser or other computer settings are different. Malware could've altered these settings.

How to remove scareware

Fortunately, malware downloaded from a scareware attack can be removed from your device. You can remove the malicious file by using an authentic antivirus program that will run a scan, detect the threat, and then quarantine and remove it.

Here are our favorite antivirus providers:

Antivirus
Best for Best overall antivirus software All-in-one software Comprehensive security Best value
Starting price $29.00/yr (first year only) $35.99/first yr $29.99/first yr $3.19/mo (billed annually)
Features Zero-day scans, anti-phishing, ransomware protection, password manager, ad blocker, TotalVPN Antivirus protection, VPN, password manager, security for multiple devices Antivirus, malware, ransomware, and hacking protection, cloud backup, password manager, Norton Secure VPN Antivirus protection, Surfshark VPN, private search engine, data leak alerts, ad blocker
Learn more Get TotalAV Get Aura Get Norton360 Antivirus Get Surfshark Antivirus

Alternatively, you can remove it manually. This may be your only option if the malware is blocking access to genuine antivirus software or websites. Here's a guide on scareware removal for popular operating systems.

Windows

To manually remove scareware on Windows, follow these steps:

  1. Open Settings.
  2. Choose Apps.
  3. Find the application you believe is malware.
  4. Click Uninstall.

You could also use Microsoft Defender Offline to scan and find scareware. Here's how to use it:

  1. Navigate to Settings.
  2. Select Update and security.
  3. Choose Windows Security.
  4. Click Virus and threat protection.
  5. If you use Windows 10 or 11, select Scan options under Current threats. If you use an older version, select Run a new advanced scan under Threat history.
  6. Choose Microsoft Defender Offline scan.
  7. Click Scan now.
  8. Follow the instructions to run Microsoft Defender Offline in a recovery environment. The scan will take about 15 minutes to complete and will restart your device automatically.

macOS

To manually remove scareware on macOS, follow these steps:

  1. Open Finder.
  2. Select the Applications folder.
  3. Find the application you believe is malware.
  4. Select the application and drag it to the trash can icon.
  5. Right-click the trash icon to open a menu.
  6. Choose Empty trash.

Tips to prevent scareware attacks

There are simple ways to prevent scareware attacks and stop malware from being downloaded onto your devices. Here are some tips to prevent scareware:

  • Don't click on malware notifications: If you receive a pop-up notification or an email claiming your device has a virus, don't click on it.
  • Close the entire browser: Avoid accidental downloads by shutting down your browser instead of the pop-up. Clicking on the "X" of the pop-up may result in downloading malware or staying in a loop of notifications. The only option to safely get out of a scareware pop-up is to close the entire browser. You may need to use your device's task manager to forcibly quit the browser.
  • Keep browsers and software updated: Browsers and software updates have the latest security upgrades and can help block scareware attempts. You may want to consider enabling automatic updates, so you don't have to worry about unintentionally using outdated software.
  • Enable pop-up blockers: Your browser can block pop-ups. This can reduce your chances of receiving scareware notifications.
  • Research software before you download or buy it: Verifying the authenticity of software can go a long way in preventing malicious downloads. If you don't recognize the name of the company, don't download files from it or send personal information to it. A quick internet search can help you spot genuine companies and frauds.
  • Use trusted cybersecurity tools: There are many tools available to keep your devices secure. You may want to consider antivirus software, virtual private networks (VPNs), firewalls, or ad blockers.
  • Know how authentic antivirus software sends notifications: Genuine antivirus software won't send you notifications through your browser. If you have antivirus programs installed, familiarize yourself with how they inform you of a threat on your device. This can help you recognize when a malware notification is fake.

FAQs


+

What do you do if you get scareware?

If you get scareware, you should use your device's antivirus software to find the malware and delete it. If you don't have antivirus software already installed, you will need to manually delete the potential malware. You can do this by navigating to your device's applications folder and deleting the suspected malware.


+

What is a scareware example?

A common scareware example is pop-up notifications appearing in a browser claiming your device has hundreds of infected files. It will also attempt to get users to download antivirus software to solve the problem. But the antivirus software is actually malware that scammers are trying to get on your computer.


+

What is the difference between spyware and scareware?

The difference between spyware and scareware is the purpose and how it gains access to your devices. While both are malware, scareware may have different intentions, like convincing computer users to buy a fake antivirus product or download malicious software. 

Spyware is designed to steal personal information and then sell it to a third party.

Scareware also specifically uses scare tactics to manipulate users into downloading malware. Spyware can use different methods to hack someone's computer and install malware.

Bottom line

Scareware plays into your feelings of panic and exploits them for its gain. Staying informed about how scareware works and keeping calm can help you make better decisions about what to do. However, even our best efforts can have flaws, and we may accidentally download malware or other computer viruses. In this case, it helps to have comprehensive security tools at your disposal. 

Solutions like antivirus software, anti-malware tools, and firewalls can block potential threats. You should also keep your browser updated to ensure it has the latest security patch to block potential attacks.

Unlimited Device Protection and Large Server Network
4.8
Editorial Rating
Learn More
On Surfshark's website
VPN
Surfshark
WINTER DEAL: From $1.99/mo + 4 months extra
  • One of the ONLY VPNs to offer unlimited simultaneous connections
  • Get worldwide access to streaming services like Netflix with 3,200+ servers in over 100 countries
  • Excellent safety features like real-time malware defense, webcam protection, and more

Author Details
Sara J. Nguyen is a freelance writer specializing in cybersecurity. She aims to help people protect their data while enjoying technology. She has written about online privacy and tech for over 5 years for several organizations. When she's not writing about the latest cybersecurity trends, you can find her on LinkedIn.

Citations

[1] Office Depot and Tech Support Firm Will Pay $35 Million to Settle FTC Allegations That They Tricked Consumers into Buying Costly Computer Repair Services