Most individuals in the workplace are familiar with malware - referring to malicious programs such as Trojan horses and viruses. Far fewer, however, may be familiar with the phenomenon of ‘scareware’. Scareware is malware disguised as scanning software, making users more likely to download it. This makes it all the more dangerous from an IT perspective - and every bit as hazardous to SMBs as its better-known cousins.
Scareware, also known as deception software, gets its name from the way the software will introduce itself to the unsuspecting user. From the outset, scareware will attempt to create a climate of fear and alarm in a user since a state of panic can be helpful in convincing that user to go ahead and install the scareware program. Scareware may appear suddenly and announce that the computer is currently under attack and will be compromised unless one or more IT solutions are immediately put into use. The solutions recommended, of course, are those that will make sure that the scareware is installed.
Some scareware is rather modest in ambition, demanding a small fee for the license to run the program that will supposedly rid you of a virus or other attack, an attack which is of course non-existent. Other forms of scareware, however, are more malicious. Any credit card information you supply may charge against multiple times instead of the once that you have been tricked into authorizing. Even worse, once you install the rogue program masquerading as an IT solution, it may actually function as a keylogger, recording all your keystrokes and secretly sending them to a cyber-criminal hoping to find banking passwords, email account access, or other information that can be used to commit identity theft. Perhaps worst of all is the scareware that allows a remote attacker to take complete control of your system.
One way that businesses can prevent scareware attacks is to organize anti-virus and other security needs around a managed programs model in which visiting experts take charge of all IT security software installations. This guarantees that decisions about which programs to trust are made by those with full knowledge of scareware so that only legitimate programs are put onto the company's network. For more information about protecting your business from scareware attacks, reach out for a free business IT consultation.