Don’t Click! Fake Virus Alerts Scare Users into Clicking on Dangerous Links

Summary: Cybercriminals use fake virus alerts to trick users into impulsively clicking on malicious links and sharing private data. Learn how to employ cyber security best practices to reduce the chances of your SMB falling victim to a virus hoax.

We all have reactions to computer alerts. As computers have become more stable, we can be lulled into a false sense of security: no alerts, no problems. Yet, at some point, most computer users will receive a fake pop-up virus alert. They can put themselves at risk if they do not know that the alert is a hoax and contains its own malicious code. The hackers behind the hoax count on being able to scare targets into clicking on things that appear to be from trusted cyber security companies.

What Is Scareware?

Wikipedia defines scareware as “a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antirust software to remove it.”

Fake Virus Alerts Lead To Real Malware Attacks

Beware of impulsive and panicked reactions to any virus alert. Before doing anything, scrutinize the alert. Did it really come from a reputable cyber security company? Assuming you have antivirus protection, check to see if your software has generated any alerts or noted suspicious activity.

The goal of virus hoaxes is to fool users into clicking on the warning pop-up windows. Although it purports to be protecting the user from a virus, the warning actually contains a link to malicious code. These fake alerts can be the launch pads for rogue antiviruses, pop-up adware and redirection to erroneous websites.

How To Spot a Virus Hoax

Fake virus alerts have become more challenging to identify. Fortunately, there are a few telltale signs that you should think before you click:

• Increased Frequency of Warning Alerts – Cybercriminals believe that if they continue to bombard targets with scary-sounding warnings, users will eventually succumb to their trickery. Constantly repeated warnings are strong signals that they are false.
• Awkward Product Descriptions – If the description of the software that will allegedly fix the problems sounds strange or difficult to understand fully, it is probably a fake. Legitimate cyber security software companies spend a lot of time creating descriptive content that is clear and user-friendly.
  • Poor Grammar and Spelling – Incorrect English is an easy tip-off that an alert might be phony. Bad grammar and spelling are common mistakes. Big brand-name companies like McAfee and Norton will not allow incorrectly written copy to be presented to the public. Tight grammar is a sign of professionalism and is designed to help, not trick, users.
  • False Promises – If promises of the solutions offered sound too good to be true, they probably are.

Unfortunately, cyberthieves constantly improve their strategies and tricks to lure users into their scams. If you continue to experience one or more of the above symptoms, your security awareness should elevate to a red alert. Trust your gut. Ignoring fake alerts may not be enough to get past them. If you are uncertain about the next steps, engaging IT professionals to run a cyber risk analysis would be wise.

Removing Fake Pop-Up Viruses

There are a few simple steps you can follow to avoid getting “trapped” by a fake virus pop-up alert:

• Quit Your Browser – On a Windows-based PC, combine the keys Alt + F4 to close the browser. For Macs, use Command + Q to quit your browser. If the closing process takes too long, use Force Quit to close the app.
• Uninstall and Delete Suspicious Applications – Find your current list of apps in your app manager or through your finder. Identify any apps you don’t recognize or that seem strange. Click on the application’s “Info” and select “Uninstall” to remove the app.
• Perform a Complete Virus Scan – Using your current security software, perform a comprehensive virus scan of your entire system. Before starting, ensure that your software and all its virus definitions are up to date. Good protection will search for malware, identify it and help you remove it.

Cyber Security Best Practices

Scareware hoaxes are not always launched via fake pop up viruses. Computer virus emails, known as phishing emails, can present the same threatening fake virus alerts. The email header might say something like: “WARNING! YOUR COMPUTER HAS BEEN ATTACKED BY A VIRUS! TO FIX THIS PROBLEM, CLICK HERE!” If the body of the email text is menacing enough, an untrained user can be fooled into clicking the link and launching an attack. Whether you are an individual user or an SMB owner, training in cyber security best practices is essential to keeping your computer system virus-free. If you are not tech-knowledgeable enough to perform best practices training, you should consider working with professional IT experts. They can ensure that you and everyone you work with are fully trained and remain up to date about what to do to keep your computer system and network safe.