scareware Archives – Gridinsoft Blog

Scareware: How to Identify, Prevent and Remove It
https://gridinsoft.com/blogs/what-is-scareware/
Tue, 14 May 2024 18:50:38 +0000

Scareware is a widespread Internet fraud scheme that intimidates victims into buying unnecessary or harmful software, taking advantage of their ignorance. Scareware usually exploits the fear of having a computer virus on a machine and persuades users to purchase fake security software. Here we’ll look at how this scam works and how not to get fooled by it. Among other things, we’ll touch on the threats associated with scareware.

What is Scareware?

Scareware is a scam that plays on the fears of inexperienced users. Although computer viruses are an obsolete type of malware, and you will hardly catch one nowadays even if you try, they remain a horror story for people. And the less you know about a threat, the more easily it can scare you.

Both trustworthy and scam security products are promoted via advertising. An advertisement for a good solution will respect the customer and emphasize the qualities and features of the promoted program. In the worst case, it will explain that there are many threats out there on the Web and that each endpoint needs protection. Scareware, on the contrary, will try to convince you that your computer is already infected with malware. Moreover, pushy ads will insist on immediate installation of the program they represent, as if it were the last chance to cure your PC.

Scareware Banner
An example of a flashing scareware pop-up banner.

The profitability of the scheme is understandable. People get scared, buy the program and feel like the defenders of their computer system. Perhaps later they will realize that they just threw away their money, but they will no longer be able to get it back. There are usually many victims of such deception, and that is the very thing on which the scam relies.

Sadly, losing money is not the worst thing that can happen. Sometimes such malvertising is used as a filter: whoever bought into this definitely does not have an actual antivirus. Accordingly, those who make a business of distributing adware and malware can safely install a bunch of harmful programs on the victim’s device.

How Scareware Works

It all starts with a person suddenly seeing an advertising banner on some website. The banner itself looks like an automatic notification. Novice users may not even understand that they are dealing with an advertisement.

The message usually says that a scan of the user’s computer was carried out and found an infection with dangerous malware. A knowledgeable person would already laugh at this point, because not only is it impossible to scan the device so quickly, but it would also be problematic to do it remotely without preliminary procedures.

But charlatans deal with inexperienced people and therefore continue their psychological attack. The banners usually include very serious-looking malware names, tables, codes, etc. The more serious the picture looks, the stronger the effect. Everything about the message is designed to make it look automatically generated. You may see, for example, the caption “threat level: high”, as if the same panel could ever display a reassuring “low”.

Scareware Fake Scan Results
Scareware often renders fake scan results with frightening namedropping.

Such schemes are generally built on a series of psychological techniques. Intimidation is only the first of them. The use of colors plays with the victim’s emotions. Red stands for anything related to threats. As soon as the “rescue” program enters the scene, a soothing blue or green color appears. This feeling of possible safety encourages the user to make a purchase. In addition, the price is low. Most scareware schemes rely on the possibility of quick payments combined with a vast number of buyers.

Alternative Scams

The crooks may also use more time-consuming schemes. For example, they might launch a massive campaign offering free device scans. To take one, the user must first download the software, the functionality of which will be limited until the program is purchased. To make sure this payment is made, the scan will produce frightening results. This approach counts on more educated users.

By the way, the scope of scareware is not limited to the security sector. You can imagine other types of scareware, such as cleaners, that will scare users by saying: “look, a little more, and your system will get so clogged with garbage that the device will start freezing.” The advertised program will supposedly be able to delete unused applications, temporary files, etc.

The programs in question can remain completely fake without an iota of the promised functionality. All “treatment” of the device, just like the initial intimidation, can be just a visual effect.

What are The Threats?

Theoretically, the victim of scareware could get lucky, and the only problem would be the wasted money. But more often than not, a deceptive program will leave an unpleasant payload behind. Its severity may vary: it corresponds to the degree of danger of the unwanted or overtly malicious software that scareware can fetch onto the victim’s computer. In most cases, installing a scareware application will decrease the PC’s running speed. We will assume that scareware developers want to profit from their victims beyond the price of the application.

This goal implies infecting the device with any of the following malware types:

  • Adware is a class of relatively harmless unwanted applications. They flood users with ad banners, modify browsers’ settings, add ad links on webpages, etc.
  • Spyware is a more significant threat. Hidden software collects information about the system and the user’s activity to send it to people who can commercially benefit from having it.
  • Miners are programs that steal the computing resources of the victim’s machine and throw them at mining cryptocurrency (for somebody else, of course). The injured side will also be surprised by the electricity consumption rate.
  • Cybercriminals can add the infected device to a botnet, a controlled network, to perform certain activities on the web unbeknownst to the user.
  • Ransomware is probably the worst case. This malware encrypts all data files on the victim’s computer, and the only chance to get them back is to buy a key from the racketeers.

Criminals can drop many other types of malware into the unaware victim’s system. However, those are more suitable for targeted attacks and require hackers’ special attention. The malware mentioned above can work and bring profit automatically.

How not to be fooled by scareware?

  • Install modern antivirus software. GridinSoft Anti-Malware is one of the best solutions on the market due to the combination of technical efficiency and cost-effectiveness. Its virus libraries are regularly updated so that whichever malware becomes recognized in the world, Anti-Malware will know how to deal with it. The program can perform deep scanning, work in on-run protection mode, and be a security measure for safe Internet browsing.
  • Learn before you get scammed. Scareware schemes work only because of people’s ignorance. You don’t need to be a hacker or even an advanced user. Just take a simple course on Internet surfing from someone more experienced in it.
  • Don’t visit dubious websites and avoid clicking on ad banners whatsoever. You can hardly encounter malicious advertising, which scareware surely is, on trustworthy websites like Google, YouTube or Facebook. It’s not that you should limit your surfing to these three sites, but they can serve as an example of what a trustworthy website looks like. As soon as you see ad banners popping up all around you, flashing and glaring, proceed with great caution if you need to proceed at all.
  • Install ad-blocking software. It comes as an extension to your browser that blocks advertising banners from rendering. It might save you a lot of nerve cells.
  • If you happen to buy a scareware product, make sure you remove it as you usually remove an application. In Windows, press Start > Settings > Apps > Apps & Features. Choose the app you want to remove, and then select Uninstall. After removing the scareware, carry out an antivirus scan to get rid of any accompanying malware.

Pornographic Virus Alert From Microsoft
https://gridinsoft.com/blogs/pornographic-virus-alert-from-microsoft/
Tue, 14 May 2024 13:11:10 +0000
Is “Microsoft” showing you a banner which states that your PC is infected with a “Pornographic virus”? It seems that someone wants to involve you in a popular online tech support scam called “Pornographic virus alert from Microsoft”.

But how can they do it with a single banner? This article will show you the whole mechanism and will also explain why this notification appears so obsessively.

Pornographic virus alert from Microsoft: How it works and why is it malicious?

One day, after opening the browser, you may see a banner which says that your PC is infected with awful viruses. As you can guess from the name of this alert, it also states that the virus got onto your PC from pornographic websites. To eliminate this malware, “Microsoft” invites you to contact their support at the number specified in the text. As they assure you, you cannot fix your computer without calling support. And here is the first suspicious element: the times when viruses could get into a PC just by opening a website are gone.

It was possible at the beginning of the ’00s, when browsers were immature and had a huge number of vulnerabilities. One of these security flaws allowed file downloads and installations to start without the user’s permission. But hold on, there are more interesting details.

Pornographic virus alert from Microsoft banner
The appearance of pornographic virus alert from Microsoft banner

Calling the support as a sign of the malevolency of this banner

The first thing is the number this banner presents as an official Microsoft helpline to reactivate your Windows. It is completely different from the one published on the Microsoft website. When you call this number, you will reach a “support agent” who will ask you to grant him remote access to your PC. Sometimes such an action is needed, for example when some program components work incorrectly on a specific PC configuration. But when we are talking about viruses which are already detected (as the banner says), the need for a remote connection to your PC is very questionable.

Finally, things get really ridiculous. The support agent checks your PC and then says that you really have a lot of viruses. To remove them, you need to install a perfect solution they can offer you only today: an unknown (or low-trusted) antivirus. They can send you a link or even install it themselves, using the remote control. Installing unknown software was never a pleasant experience. And all these strange details clearly show that this is not something you can trust. Usually, the program this “support” offers you is an example of typical scareware. This sort of program mimics an antivirus app and shows you tons of false detections.

The total possible danger of pornographic virus alert from Microsoft

Let’s count. The first danger is remote access. Whoever gets the ability to manage your PC can do literally everything: delete your files, modify your settings, install any programs from any sources. He is a king now. Granting remote access must always be carefully weighed because of the dangers it carries. Nonetheless, a lot of users ignore that security rule and give access to anyone who offers help.

Moving on. Scareware may look like a relatively harmless but annoying app. But let this app stay active in your system for about 30 minutes, and you will not be able to use the PC as usual. Because of its malevolent nature, this unwanted program randomly blocks elements of important applications, so you can’t use those programs normally. To remove these “malicious and vulnerable items”, you need to purchase the full version of this pseudo-antivirus. Moreover, you can’t uninstall the program in the usual way, through the application list. Manual removal or antimalware software is the only option.

Scareware blocked the Photoshop
Example of Scareware

Danger #0. Source malware.

And the last one, which should have been the first. I have not yet mentioned the initiator of this event: adware. The pornographic virus alert from Microsoft cannot appear on your PC on its own. Normally, the web browser you use would simply block access to this page. So, it is quite easy to conclude that something changed your browser configuration and networking settings to show you this banner every time you open your web browser. Adware is a kind of virus that usually does exactly that, which is why I suppose it is present. The way you get this virus on your PC may differ, and you can read the removal guide in that post. Fortunately, the adware can easily be removed with anti-malware software.

What you can do to get rid of the banner right away is close the browser window or reboot the PC. These are radical ways, but pretty effective against this sort of scam. Usually, the banner does not have any “close” button in the top right corner. Don’t worry: the notifications that “Microsoft Locked This Computer” are 100% lies. Neither viruses nor companies can block the computer through the Chrome browser. To prevent the banner from appearing, it is better to avoid dubious sites. Things like torrent trackers or sites for downloading YouTube videos may redirect you to other pages, and this nasty thing is among them.

Pretexting in Cyber Security: Facts to Know
https://gridinsoft.com/blogs/pretexting-in-cybersecurity/
Wed, 16 Nov 2022 20:42:15 +0000
Pretexting is a type of social engineering in which an attacker gains access to information, a system, or a service by deception. In doing so, the attacker provides a false script or pretext to gain the victim’s trust. For example, he may pose as an experienced investor, human resources representative, IT specialist, or another seemingly legitimate source. This attack is not limited to online – it can take place through other forms of communication, including in person.

How does pretexting work?

During pretexting attacks, attackers may ask victims for specific information, claiming it is needed to confirm the victim’s identity. In reality, the attacker steals this information to use later for secondary attacks or identity theft. In addition, some attacks are so sophisticated that they can trick victims into performing an action that exploits an organization’s physical or digital weaknesses. For example, a fraudster might pose as an outside IT services auditor and convince the organization’s physical security team to allow the attacker into the building.

Many attackers using this type of attack disguise themselves as employees of the organization, human resources, or the finance department. This allows them to target senior executives or other employees with extensive privileges, as they are the ones who are of great value to the attackers. While phishing attacks use urgency and fear to exploit victims, pretexting attacks create a false sense of trust in the target victim. To do this, attackers must develop a credible legend that will not make victims suspicious.

Pretexting methods

Scammers do not stand still and use various methods to gain their victims’ trust and convince them to pass on valuable information. So, let’s break down these methods in more detail:

Impersonation

The scammer presents himself as a confidant, such as a colleague or a friend. This involves maintaining trust by spoofing prominent institutions’ or individuals’ phone numbers or email addresses. A classic example of impersonation is the SIM card spoofing scam, which exploits vulnerabilities in two-step verification processes, including SMS or phone verification, to capture target accounts. For example, the scammer may introduce himself as the victim and claim to have lost his phone, convincing the service provider to switch the phone number to a new SIM card. This way, all the one-time passwords are sent to the attacker and not the victim.

One successful social engineering attack using impersonation was on Ubiquiti Networks in 2015. At the time, employees received messages from scammers posing as the company’s top executives and demanding that funds be transferred to the attackers’ bank accounts. Such an oversight cost the company $46.7 million.

Baiting

As you can understand from the name, it is an attempt to trap the victim through the bait. The goal of this attack is to spread malware or steal sensitive information. Fraudsters may use malware-infected thumb drives as bait, often adding something to make them look authentic, such as a company label. Such decoys are placed in high-traffic locations, such as lobbies or bus stops, so victims will notice them and be incentivized to insert them into work or personal devices. Malware is then deployed to the device. Baiting can also be online. It can usually include enticing advertisements that lead victims to a malicious website or encourage them to download a malware-infected app.

Scam advertising example
This is what fraudulent advertising looks like

Phishing

Phishing is impersonating a trusted person in messages (e-mails or text messages) to obtain confidential information, such as payment card details and passwords. Phishing is different from pretexting, but fraudsters can combine the two. Pretexting dramatically increases the chances of a phishing attempt succeeding. For example, when talking to a phishing scammer, targeted employees may be convinced they are talking to an employer or contractor. Fraudsters can also use compromised employee accounts for further pretexting attacks aimed at individuals through targeted phishing.

Spear Phishing example
A well-crafted phishing email can convince many

MacEwan University in Canada fell victim to a phishing attack in 2017 that cost the university about $9 million. At the time, targeted employees changed payment details, believing that the scammer was a contractor.

Vishing and Smishing

Vishing (voice phishing) is a social engineering technique that uses phone calls to trick victims into revealing confidential information or giving attackers remote access to the victim’s computer. This scheme often involves an attacker who calls victims pretending to be an IRS employee and who threatens or tries to intimidate the victim into providing monetary compensation or personal information. Although such schemes usually target the elderly, anyone can be duped by a vishing scam.

Smishing (SMS phishing) is a form of social engineering very similar to vishing and phishing, but it uses SMS or text messages.

Scareware

Scareware annoys victims with bogus threats and false alarms. First, the victim is tricked into thinking their system is infected with malware. The scammers then offer the victim software that is presented as useful but is, in fact, another piece of malware. For example, a typical scareware attack might include legitimate-looking banners popping up in the victim’s browser while surfing the Web. Such banners may contain something like, “Your computer may be infected with malware spyware.” This is followed by an offer to install a specific tool (usually infected with malware) or a redirect to a malicious Web site. Scareware can also spread through spam messages containing false warnings or offers to buy useless services.

Scareware popup example
Not a very convincing scareware

Pretexting and the Law

Pretexting is illegal in the United States. For financial institutions regulated by the Gramm-Leach-Bliley Act of 1999 (GLBA) (nearly all financial institutions), any attempt by an individual to obtain customer information, or to cause an employee to disclose it, through deception or false information is illegal. Also, GLBA-regulated institutions must enforce standards for training their employees to detect attempted pretexting. In 2006, Congress passed the Telephone Records and Privacy Protection Act of 2006, which extends protections to records kept by telecommunications companies. Unfortunately, in other industries, it is unclear whether pretexting is illegal. In future court cases, prosecutors will have to decide which laws to use to bring charges, since many were created without this scenario in mind.

How to Prevent Pretexting

The most effective way to protect your organization from fraud is to avoid interacting with messages from suspicious and unknown senders. Scammers aim to get people to click on links or download infected attachments at all costs. Therefore, any message that asks you to do any of these things should be treated with caution. Here are a few methods companies use to protect themselves from pretexting:

DMARC

Since pretexting involves impersonation, the email must look as authentic as possible to be successful. This requires email spoofing. Domain-based Message Authentication, Reporting and Conformance (DMARC) is the most common form of email spoofing protection. However, it requires constant and complex maintenance, which makes it very limited. Moreover, although DMARC stops exact domain spoofing, it does not stop display name spoofing or related (lookalike) domain spoofing, which are much more common in targeted phishing attacks. In fact, attackers use these more sophisticated techniques mainly because of the effectiveness of DMARC.

AI-based email analysis

Modern problems require modern solutions. To reduce risk, enterprises must strive for a more advanced detection method than DMARC. Next-generation anti-targeted-phishing technology uses artificial intelligence (AI) to learn user behavior and detect signs of pretexting. It can also detect anomalies in email addresses and traffic, such as display name spoofing and related domains. Natural Language Processing (NLP), a part of AI, examines language and can recognize phrases and words common to phishing and pretexting.

Educate users

The most effective solution is to train your users to spot pretexting. To do this, you should share real pretexting examples with them. Unfortunately, targeted phishing and pretexting often succeed because users have yet to learn what they look like and do not notice anything unusual in the requests they receive. Therefore, you should educate your users about the different types of spoofing and teach them how to analyze their emails for signs of display name spoofing and related domains. In addition, you should establish rules for financial transactions, such as confirming requests in person or by phone.
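The gap described in the DMARC section, and the display-name and related-domain checks users are asked to perform here, as an added example that is not part of the original article: a Python triage of `From:` headers that leaves exact-domain mail to DMARC and flags lookalike domains, related domains and display name spoofing. The domain `example.com`, the staff directory, the sample headers and the distance threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed for this example: the protected domain and the staff directory.
TRUSTED_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"alice rivera": "alice.rivera@example.com"}
MAX_LOOKALIKE_DISTANCE = 2  # assumed threshold; tune against real mail


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_name(name: str) -> str:
    """Lower-case the display name and collapse whitespace."""
    return " ".join(name.lower().split())


def is_trusted(domain: str) -> bool:
    """True for a trusted domain or one of its subdomains."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def classify_from(header_value: str) -> list:
    """Return the findings for one From: header value."""
    display, addr = parseaddr(header_value)
    addr = addr.lower()
    _, at, domain = addr.rpartition("@")
    if not at or not domain:
        return ["unparseable-from"]
    if is_trusted(domain):
        # Exact-domain mail: SPF/DKIM alignment under DMARC decides this case.
        return ["exact-domain"]
    findings = []
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= MAX_LOOKALIKE_DISTANCE:
            findings.append("lookalike-domain")  # e.g. one swapped character
            break
        if trusted.split(".")[0] in domain:
            findings.append("related-domain")  # brand label inside another domain
            break
    expected = PROTECTED_NAMES.get(normalize_name(display))
    if expected and addr != expected:
        # A known person's name paired with an address that is not theirs.
        findings.append("display-name-spoof")
    return findings


# Constructed sample headers, not taken from real mail.
SAMPLE_HEADERS = [
    "Alice Rivera <alice.rivera@example.com>",
    "Alice Rivera <alice.rivera@examp1e.com>",
    "Alice Rivera <ceo.office@mail-relay.test>",
    "Billing <invoices@example-payments.net>",
    "Newsletter <news@unrelated.org>",
]


def triage(headers=SAMPLE_HEADERS) -> dict:
    """Map each header to its findings."""
    return {h: classify_from(h) for h in headers}


if __name__ == "__main__":
    for header, findings in triage().items():
        print(f"{header!r}: {findings or ['no-finding']}")
```

A message that passes DMARC for its own domain can still produce every finding except `exact-domain`, which is why these checks complement DMARC rather than replace it.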

Report a phishing email

Unfortunately, users cannot prevent phishing attempts. However, they can be vigilant and report phishing emails when they spot them, thus protecting themselves and their organizations. To be a good Internet citizen and do your part, report phishing at phishing-report@us-cert.gov.
