Malware has long been a nuisance for computer users, and it doesn’t seem like that will change any time soon. Infections can happen in the most unpredictable ways, which is why anti-virus and anti-malware programs are so important — but they aren’t enough.
As you use your computer and browse the Web, you may occasionally run into infection warnings that appear to be legitimate but aren’t. These anti-malware warning messages — appropriately called “scareware” — are designed to scare you into installing fake anti-malware programs that are actually malware in disguise.
So how can you tell real warning messages from fake ones? It can be tough, but as long as you stay calm and take your time, there are a few signs you can look for that will help you distinguish between the two.
While fake virus warnings could theoretically crop up in any manner, history has shown that there are three main types that are exploited over and over. For the most part, if you can learn to spot these, that should be more than good enough.
Advertisements used to be straightforward and easily distinguished, but advertisers are smart and ever-adapting. Nowadays, it’s almost impossible to tell genuine content from advertising, and when you apply that to the context of malware, the idea is terrifying.
Malware-laden advertisements aren’t new — they’re common enough to have their own name, “malvertisements” — but they can be scary. When browsing a webpage, you might see flashing ads that claim to know your IP address, where you live, and the fact that you have thousands of infections on your system.
The only solution is to ignore these. No self-respecting anti-malware company would ever report its alerts through a website ad, nor can a company know what kind of infections are on your system simply because you visited a webpage.
Banner ads are admittedly easy to notice and avoid, but there’s another form of advertisement that’s way more convincing:
These popups often copy the actual appearances of warnings from real anti-malware software. What’s worse is that these popups often disguise their “X” buttons, so that if you do click on the fake “X” (to close the popup) it counts as if you clicked the ad itself.
You can usually tell that a popup is fake because it will be over-the-top in its scariness. It will tell you that you must “act immediately” in order to prevent the breakdown of your computer or the loss of your data. Really, though, the urgency is only there because they want you to act without thinking.
A rarer but more serious form of scareware appears in the system tray as a notification, usually telling you that there’s a massive infection in your system that needs to be resolved pronto. Unfortunately, these can be pretty convincing.
Windows 8 and 10 both use toast notifications instead of balloon notifications, but they’re still vulnerable to fake messages so stay alert. (You can revert to balloons if you want.) Notifications can also be faked by full screen videos or browsers in full screen mode.
Ultimately, the warning signs of a fake popup apply here as well. Look for over-the-top scariness and a sense of urgency that makes you want to act immediately. That’s a good sign that the warning isn’t real.
If you ever encounter one of the alert types mentioned above, don’t worry. It’s not the end of the world. Here’s a simple checklist of what you should do to get past the alert safely.
Calm down and take a breath. The worst thing you can do is to act hastily and accidentally do something that you’ll come to regret. It’s okay to take it slow and take your time. Avoid clicking at all until you know what’s going on.
Make sure it’s really fake. Common giveaways that a warning is actually fake include product names that seem fake (“XP Antivirus”, “AdwarePunisher”), features and promises that are vague (“protect your privacy”, “remove harmful files”), a high frequency of alerts (more than once per day), and poor English.
But the biggest giveaway is that the alert wants you to purchase a new security product, upgrade a security product that you don’t actually have, or directly send money somewhere (as in the case of ransomware). Reputable security companies will never do any of these things.
Search for the product name. If you don’t recognize the product name, search for it. If it’s legitimate, it will rank somewhere on the first page of results. If you can’t find any mention of it, or if there are a lot of other people asking about the legitimacy of the same product name, then it’s probably fake.
Close your browser. If the alert popped up while you were browsing the Web, don’t click on the “X” to close it. Instead, close your browser altogether (either through the Task Manager or by right-clicking on your browser in the taskbar). If the alert closes with the browser, then it was a fake.
Scan your system. Spotting a fake malware warning doesn’t necessarily mean that your system has malware on it, but those fake warnings could be caused by malware, in which case you’ll want to get rid of it sooner rather than later. This is even more important if you aren’t doing regular malware scans already.
We recommend starting with one of these one-time scanning tools to purge your system of any infections, then using one of these Windows security suites for real-time, always-on protection. If you find malware that just won’t go away, check out our complete malware removal guide.
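The giveaways from the “Make sure it’s really fake” step can be written down as a rough scoring check. The script below is an added example, not part of the original article; the weights, word lists, threshold and the product name ExampleAV are assumptions, and the two alerts are constructed samples.

```python
import re
from datetime import datetime, timedelta

# (weight, pattern, reason). Indicators come from the checklist above; the
# weights, word lists and threshold are assumptions made for this example.
INDICATORS = [
    (3, r"\b(buy|purchase|upgrade|pay|send money)\b", "asks for a purchase, upgrade or payment"),
    (3, r"\b(XP Antivirus|AdwarePunisher)\b", "uses a product name the article lists as fake"),
    (2, r"\b(act (now|immediately)|immediately|urgent(ly)?)\b", "pushes you to act immediately"),
    (2, r"\b(\d[\d,]{2,}|thousands of)\s+(infections|viruses|threats)\b",
     "claims an implausibly large infection count"),
    (1, r"\b(protect your privacy|remove harmful files)\b", "makes vague promises"),
]

def assess_alert(text, installed_products, alert_times=()):
    """Score one alert's text; returns (score, reasons)."""
    score, reasons = 0, []
    for weight, pattern, reason in INDICATORS:
        if re.search(pattern, text, re.IGNORECASE):
            score += weight
            reasons.append(reason)
    # A real alert comes from security software you actually installed.
    if not any(name.lower() in text.lower() for name in installed_products):
        score += 2
        reasons.append("does not name an installed security product")
    # The article's frequency test: more than one alert within a day.
    times = sorted(alert_times)
    if any(later - earlier < timedelta(days=1) for earlier, later in zip(times, times[1:])):
        score += 1
        reasons.append("alerts repeat more than once per day")
    return score, reasons

def verdict(score):
    if score >= 4:
        return "likely fake"
    return "needs a closer look" if score >= 2 else "no scareware indicators"

# Constructed sample alerts; "ExampleAV" is a made-up installed product.
FAKE = ("WARNING! XP Antivirus found 2,417 threats on your PC. Act immediately: "
        "purchase the full version to remove harmful files.")
REAL = "ExampleAV: scheduled scan finished. 1 item was quarantined. No action needed."
SEEN = [datetime(2024, 1, 5, 9, 0), datetime(2024, 1, 5, 12, 30)]

if __name__ == "__main__":
    for text, times in ((FAKE, SEEN), (REAL, [])):
        score, reasons = assess_alert(text, ["ExampleAV"], times)
        print(verdict(score), score, reasons)
```

A low score is not proof that an alert is genuine; searching for the product name and closing the browser still apply.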
Knowing how to spot and identify fake malware warnings is a good skill to have, especially if you want to start building good online security habits. Unfortunately, scareware is only one of many concerns out there, so we also recommend learning these email security tips and following in the footsteps of security experts.