Scareware is a type of malware that uses fake security alerts and scare tactics to trick you into downloading malicious software, handing over sensitive information, or paying for software you don't need. Scareware relies almost entirely on psychological manipulation.
Unlike most malware that operates silently in the background, scareware is out in the open. The more alarming the alert looks, the more effective it is.
Keep reading to learn how these attacks work, how to spot them, and how to remove scareware from your devices with antivirus software.
How does scareware work?
Scareware usually begins with users receiving a notification (normally a pop-up ad) warning them of malware or other cyberthreats on their computer. It may ask them to download security software to remove the threat. Scareware may also repeatedly appear until users agree to download or register the software.
The software poses as a legitimate antivirus program when it's actually malware.
Phishing emails are another way to spread scareware. Hackers may send you an email using a spoofed email address (an address that looks similar to a real company's) with a warning that your device is infected and that you should download antivirus software. Alternatively, the email may ask you for sensitive information so tech support can resolve the issue.
A key trait of scareware is its dependence on social engineering, a strategy that psychologically manipulates users into taking certain actions. Scareware pop-up notifications are usually designed to look like they came from a professional source, often mimicking the logos or names of trusted antivirus software.
Scareware examples
Scareware attacks often appear authentic, and in some cases may even resemble aggressive advertising tactics used by legitimate companies. Let's take a look at two notable examples.
Office Depot and its vendor, Support.com, agreed to pay the Federal Trade Commission $35 million as a settlement for a tech support scam.[1] The companies were accused of deceiving customers into downloading a free "PC Health Check Program," which would begin aggressively selling diagnostic and repair services customers didn't need.
Apps are also used to spread scareware. An app called AntiVirus for Android was removed from Google Play after it was reported to send fake virus detection results to users.
The app would then charge a premium service to "remove" the viruses it supposedly detected. It was downloaded and installed between one million and five million times before the scareware was noticed.
Some well-known scareware programs you should be aware of include:
- Antivirus360
- DriveCleaner
- ErrorSafe
- Mac Defender
- PC Protector
- SpySheriff
- WinAntivirus
- WinFixer
- XPAntivirus/AntivirusXP
Scareware vs. ransomware
Scareware and ransomware both use fear as a weapon, but they work differently. Scareware shows you a fake threat alert and waits for you to react, so it has no real hold over your device. If you close the pop-up and don't engage, the threat is essentially over.
On the other hand, ransomware has already acted before you see any message: it encrypts your files and locks you out, then demands payment to restore access.
If a warning appears claiming your files are encrypted and demanding a ransom payment, that's ransomware, not scareware. Scareware relies entirely on your panic to do damage. Ignore the alert, don't click anything, and close your browser to shut it down.
Scareware scam red flags
Noticing the signs of a scareware attack can stop you from accidentally downloading malicious software. While you may initially panic when you receive a notification stating that you have a computer virus, you should try to stay calm and authenticate the alert.
Here are some signs the notification isn't legitimate:
- The logos, names, or email addresses are close to an authentic company but are not accurate.
- It comes from a company you don’t recognize at all.
- It’s written with extreme urgency, saying you have hundreds of viruses on your device.
- There are capital letters, incorrect grammar, or several exclamation points.
- It asks you to immediately download software to fix the issue.
- The pop-up won't close or keeps reappearing right after closing it.
- It immediately "scans" your device and shows you a progress bar.
- The pop-up appears in your browser.
By recognizing the signs of scareware, you can be more prepared to avoid downloading malware.
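Several of the red flags above can be checked mechanically against the text of an alert. The following Python heuristic is an added example, not part of the original article; the brand list, thresholds, function names and both sample alerts are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumption: security brands this user actually runs (constructed list).
TRUSTED_BRANDS = ("norton", "totalav", "surfshark")

def lookalike_brand(text, threshold=0.8):
    """Return the first word that nearly, but not exactly, spells a trusted brand."""
    for word in re.findall(r"[a-z0-9]{5,}", text.lower()):
        for brand in TRUSTED_BRANDS:
            if word != brand and SequenceMatcher(None, word, brand).ratio() >= threshold:
                return word
    return None

def red_flags(text, shown_in_browser=False):
    """Return the names of the article's red flags that this alert text trips."""
    flags = []
    if lookalike_brand(text):
        flags.append("lookalike_brand")
    # "Hundreds of viruses": a spelled-out claim or any count of 100 or more.
    counts = re.findall(r"(\d[\d,]*)\s+(?:virus|threat|infect)", text, re.I)
    if re.search(r"\bhundreds of\b", text, re.I) or any(
            int(c.replace(",", "")) >= 100 for c in counts):
        flags.append("inflated_threat_count")
    # Shouting: mostly capital letters, or three or more exclamation points.
    letters = [ch for ch in text if ch.isalpha()]
    caps = sum(ch.isupper() for ch in letters) / max(len(letters), 1)
    if caps > 0.5 or text.count("!") >= 3:
        flags.append("shouting")
    # Demand to download or install right away, in either word order.
    if re.search(r"\b(download|install)\b.{0,40}\b(now|immediately)\b|"
                 r"\b(now|immediately)\b.{0,40}\b(download|install)\b", text, re.I):
        flags.append("urgent_download")
    # An instant "scan" with a progress percentage inside the message.
    if re.search(r"\bscan", text, re.I) and re.search(r"\d{1,3}\s?%", text):
        flags.append("fake_scan_progress")
    if shown_in_browser:
        flags.append("browser_popup")
    return flags

# Constructed samples, not captured from real campaigns.
FAKE_ALERT = ("WARNING!!! N0rton Security scan 87% complete: 342 viruses found. "
              "DOWNLOAD the cleaner NOW to protect your files!")
REAL_ALERT = "Norton 360 blocked a threat. No action is required."

if __name__ == "__main__":
    print(red_flags(FAKE_ALERT, shown_in_browser=True))
    print(red_flags(REAL_ALERT))
```

A heuristic like this only ranks how suspicious a message looks; a message that trips no flag is not thereby proven legitimate.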
Red flags indicating a scareware attack has happened
You might be wondering whether you've fallen victim to a scareware attack and if there is malicious software downloaded on your device. Here are some red flags that a scareware attack successfully happened:
- Numerous notifications: Consistent alerts that your device has a virus or is part of a security breach are usually signs of a fake notification, especially if they are designed to create feelings of panic.
- Lower performance: Malware often causes your device to slow down or crash entirely. If this is persistent, then you may have installed malware.
- Random programs and features appearing: You may notice new apps or programs installed on your device. If you didn't add these, then it could be a sign your device has been compromised.
- Can't access files: You may have difficulty accessing files on your device or have received error messages. The malware may even block you from going to authentic antivirus websites.
- Recently clicked on an ad: Scareware malvertising will appear as a third-party ad on a website and warn you that you have a virus on your computer. If you clicked on it and downloaded the software, it may have been malware.
- Settings have been altered: You may notice changes you didn't authorize. Maybe your device is using a new default browser or other computer settings are different. Malware could've altered these settings.
How to remove scareware
To remove scareware, run a scan with a trusted antivirus program. It will detect, quarantine, and delete the malicious software automatically. If the scareware is blocking your antivirus or browser, use the manual OS steps below to remove it first, then install antivirus software to make sure nothing was missed.
Antivirus removal (recommended)
The easiest way to remove scareware is with a reputable antivirus program. Run a full system scan, let it quarantine any threats, then restart your device. If you don't have antivirus software installed, use the manual steps for your operating system below, then install antivirus protection afterward to prevent reinfection.
Here are our favorite antivirus providers:
| Antivirus | TotalAV | Aura Antivirus | Norton 360 | Surfshark Antivirus |
| --- | --- | --- | --- | --- |
| Best for | Best web protection | Best online identity protection | Best overall antivirus software | Best value |
| Starting price | $19.00/first yr | $35.99/first yr | $29.99/first yr | $2.08/mo |
| Features | Zero-day scans, anti-phishing, ransomware protection, password manager, ad blocker, TotalVPN | Antivirus protection, VPN, password manager, security for multiple devices | Antivirus, malware, ransomware, and hacking protection, cloud backup, password manager, Norton Secure VPN | Antivirus protection, Surfshark VPN, private search engine, data leak alerts, ad blocker |
Manual removal by operating system
If scareware is blocking your antivirus software or you'd prefer to remove it yourself, follow the steps for your operating system.
Windows
To manually remove scareware on Windows, follow these steps:
- Open Settings.
- Choose Apps.
- Find the application you believe is scareware.
- Select it and click Uninstall.
macOS
To manually remove scareware on macOS, follow these steps:
- Open Finder.
- Select the Applications folder.
- Find the application you believe is scareware.
- Drag it to the trash, then right-click the trash icon and choose Empty trash.
Go to System Settings > General > Login Items and remove any unfamiliar entries. Some scareware adds itself here to relaunch after deletion.
If scareware is blocking normal removal
Some scareware actively blocks you from opening antivirus software or uninstalling apps through normal means. If that's the case, try removing it in Safe Mode, where most third-party programs, including malware, can't run.
Windows — Safe Mode removal
- Open Settings > System > Recovery.
- Under Advanced startup, click Restart now.
- On the recovery screen, select Troubleshoot > Advanced options > Startup Settings > Restart.
- Press 4 or F4 to start in Safe Mode.
- Once in Safe Mode, go to Settings > Apps, find the scareware, and uninstall it.
- Restart normally, then run a full antivirus scan to confirm the threat has been removed.
Windows — Microsoft Defender Offline scan
- Select Update & Security.
- Click Virus & threat protection.
- On Windows 10 or 11, select Scan options under Current threats. On older versions, select Run a new advanced scan.
- Choose Microsoft Defender Offline scan and click Scan now.
- Your device will restart and the scan will run outside of Windows for about 15 minutes.
Mobile removal
Scareware can also appear on mobile devices, typically as fake antivirus apps or scare-tactic pop-ups in the browser. Here's how to remove it on Android and iOS.
Android
- Open Settings > Apps (or Application manager).
- Find the suspicious app and tap it.
- Tap Uninstall. If the button is grayed out, the app may have Device Administrator privileges. Go to Settings > Security > Device Admin Apps, disable it there, then return to uninstall.
- Restart your device, then run a scan with a trusted mobile security app.
If you can't identify the app or the problem persists, a factory reset will remove all malware, though it also erases your data. Back up photos and contacts to Google first.
iPhone
- Press and hold the suspicious app icon until a menu appears.
- Tap Remove App > Delete App to confirm.
- If the scareware appeared as a browser pop-up rather than an app, go to Settings > Safari > Clear History and Website Data.
- Restart your iPhone.
iOS has strong built-in sandboxing, so true scareware infections are rare. Most "virus warning" pop-ups on iPhone are browser-based scams, so closing Safari and clearing your history is usually all that's needed.
Tips to prevent scareware attacks
There are simple ways to prevent scareware attacks and stop malware from being downloaded onto your devices. Here are some tips to prevent scareware:
- Don't click on malware notifications: If you receive a pop-up notification or an email claiming your device has a virus, don't click on it.
- Close the entire browser: Avoid accidental downloads by shutting down your browser instead of the pop-up. Clicking on the "X" of the pop-up may result in downloading malware or staying in a loop of notifications. The only safe option to get out of a scareware pop-up is to close the entire browser. You may need to use your device's task manager to forcibly quit the browser.
- Keep browsers and software updated: Browser and software updates include the latest security upgrades and can help block scareware attempts. Enabling automatic updates ensures your software always has the latest security patches.
- Enable pop-up blockers: Your browser can block pop-ups. This can reduce your chances of receiving scareware notifications.
- Research software before you download or buy it: Verifying the authenticity of software can go a long way in preventing malicious downloads. If you don't recognize the company, don't download files from it or send it personal information. A quick internet search can help you spot genuine companies and frauds.
- Use trusted cybersecurity tools: There are many tools available to keep your devices secure. You may want to consider antivirus software, virtual private networks (VPNs), firewalls, or ad blockers.
- Know how authentic antivirus software sends notifications: Genuine antivirus software won't send you notifications through your browser. If you have antivirus programs installed, familiarize yourself with how they inform you of a threat on your device. This can help you recognize when a malware alert is fake.
Bottom line
Scareware plays into your feelings of panic and exploits them for its gain. Staying informed about how scareware works and keeping calm can help you make better decisions about what to do.
However, even cautious users can accidentally download malware. In this case, it helps to have comprehensive security tools at your disposal. Solutions like antivirus software, anti-malware tools, and firewalls can block potential threats.
FAQs
What do you do if you get scareware?
If you get scareware, you should use your device's antivirus software to find the malware and delete it. If you don't have antivirus software already installed, you will need to manually delete the potential malware. You can do this by navigating to your device's applications folder and deleting the suspected malware.
What is a scareware example?
A common scareware example is pop-up notifications appearing in a browser claiming your device has hundreds of infected files. It will also attempt to get users to download antivirus software to solve the problem. But the antivirus software is actually malware that scammers are trying to get on your computer.
What is the difference between spyware and scareware?
The difference between spyware and scareware lies in their purpose and in how each gains access to your devices. While both are malware, scareware may have different intentions, like convincing computer users to buy a fake antivirus product or download malicious software.
Spyware is designed to steal personal information and then sell it to a third party.
Scareware also specifically uses scare tactics to manipulate users into downloading malware. Spyware can use different methods to hack someone's computer and install malware.



