(NCSAM Week 1) Tips for Handling “Scareware” – Fake Web Pop-Ups

Leila Sharma

Malicious software can take many forms: ransomware, worms, viruses, trojans, cryptocurrency mining code, keyloggers, spyware, rootkits and scareware. This post addresses scareware, and simple steps that you can take to safeguard your devices and data. Read on for more information, and be sure to check out the Security Awareness web page for National Cybersecurity Awareness Month (NCSAM) related updates & resources!

Scareware may appear as system alerts or pop-ups on both mobile and non mobile devices that attempt to frighten victims into taking an action (such as paying a fee for “needed” software). Scareware pop-ups often take the form of tech support scams in which you may receive an alert informing you of a need for antivirus software, with a prompt to either download or call a phone number to discuss/purchase. Scareware may also appear as legitimate software updates from unknown sources. Scammers may be seeking to steal your sensitive information, such as your credit card number or may try to sell you potentially malicious software.

What can you do if you receive scareware browser pop-ups? 

If you receive scareware, it is recommended that you close and then reopen your browser.  Do not click on any part of the pop-up as doing so may trigger the installation of malware, such as ransomware. If scareware locks your browser and you are unable to close it or experience any of the following: 

  • Pop-up login prompts seeking your username/password
  • A hidden or camouflaged cursor 
  • The launching of endless downloads 
  • A browser being forced into full screen mode

exit your browser via Task Manager on Windows or Force Quit on Macs.  If using a mobile device, you may need to turn your device off to get rid of the scareware. 

What can you do to protect yourself from scareware? 

  • Antivirus software can protect you from scareware and other known malware. Please visit www.nyu.edu/it/vpn for NYU sponsored antivirus software access and eligibility information. For mobile device antivirus software, please select well reviewed software from a known and trusted source such as Apple’s App store & Google Play.
  • Keep your browsers updated as updates address security vulnerabilities.
  • Block pop-ups via your browser’s settings. 
  • Resist the urge to click pop-ups!

The following are examples of scareware pop-ups: 

Screenshot of iPhone scareware stating "Your iPhone is severely damaged by 19 viruses!", further claims browser damage and advises immediate installation of software to protect What's App & Facebook accounts

Screenshot of iPhone scareware stating your iPhone has been locked and to contact tech support at the provided number