Don’t get spooked by scareware

Boo to hackers who have employed yet another sneaky way to steal our personal information and infect our computers with viruses.

In the past, companies like Google, Twitter and the New York Times have been affected by a massive scareware attack on consumers, according to the Better Business Bureau (BBB).

“The recent scareware attacks are cropping up everywhere and can be found on even the most trusted websites online,” said Alison Southwick, BBB spokesperson. “The threat of scareware undermines consumer trust in compromised Web sites, and on the Internet in general, but there are steps computer users can take to protect themselves.”

So what exactly is scareware? It’s a message that appears to come from your own computer warning that your computer has been infected with a virus. The message also contains the link to a web site where the user can purchase and download anti-virus software that will immediately fix the problem.

Unfortunately, this supposed anti-virus software actually installs even more viruses and malware onto the computer — and at the same time provides hackers with your credit card number.

It’s a scenario that once affected visitors to the New York Times’ site. In this instance, the pop up was generated by an unauthorized ad. (The media website later learned it had inadvertently sold ad space to hackers posing as Vonage, but were apparently Ukrainian cybercrooks.)

Similar scareware attacks still happen all over the Internet. For instance, according to Computer World Magazine, hackers are not only using pop up ads, they are also “poisoning Google search results.” The way it works: hackers monitor the news and hot topics online, and through search engine optimization techniques, are able to ensure that their web sites are the top results. Victims who click on the fake search results then receive a scareware pop up.

Scammers are employing the same tactic on Twitter by using machine-generated accounts to post messages about trendy topics that tempt users to click on a link directing to fake Windows anti-virus software.

In an effort to fight back, Microsoft filed lawsuits against five companies accusing them of using malicious advertisements to trick victims into installing software on their computers.

One of the latest versions of the scam making rounds in 2012 involves a warning about child pornography. A pop-up allegedly from the RCMP or Canadian government claims that the computer has been used for illicit activity involving minors and has therefore been locked. Users are then directed to pay a sum of money to have the computer unlocked. You may have heard of this scam by another name: ransomeware scam.

Guard against cyber threats

Here are some ways to protect your computer from a scareware attack:

Stay vigilant.

Just because you’re on a trusted site doesn’t mean you’re safe. A scareware attack can happen anywhere online, even on established news sites like the New York Times, in search engine results from Google and on Twitter.

Protect your computer.

Your computer is fully protected only when your security software is activated and up to date. In a recent poll, the National Cyber Security Alliance and software maker McAfee found that nearly half of their users thought their software was protecting them when in fact it had not been updated. And keep in mind that security software bundled with a new computer can expire within weeks.

Make sure your computer security is activated whenever you’re online. Check to see if your software has been updated recently (within the past week or so). If it’s not, verify its automatic updating feature is enabled and that your subscription has not expired. Also make sure that all security patches and updates are installed for your web browser and programs like Adobe Flash Player.

Take immediate action during an attack.

Many people who click on a pop up do so accidentally. In fact, a Consumer Reports survey found that 13 per cent of those who tried to close a pop up ended up launching it instead. To close a pop up, carefully click on the X on the upper right or left corner, not inside the window.

Another option is to force the window to close through your task manager. To do this, hold down the Ctrl, Alt, and delete keys at the same time, open your task manager, find the browser in the list of running programs and click “End Task.” Finally, run an anti-virus scan with legitimate, trusted software.

To avoid pop ups altogether or enable your browser’s pop-up blocker.

(For more important computer safety tips, See 7 online mistakes.)

So what happens if you clicked on the scareware pop up and purchased the software? Unfortunately, the prognosis isn’t good. Experts say that unless you’re very computer-savvy, it may be time to call in a professional to clean up the problem.

Sources: BBB news release; ComputerWorld; Consumer Reports

Photo © Henrik Jonsson

Beware the ransomware scam
Keep kids safe on social sites
Avoid online job scams