Scareware Definition
Scareware is a type of malware attack that claims to have detected a virus or other issue on a device and directs the user to download or buy malicious software to resolve the problem. Generally speaking, scareware is the gateway to a more intricate cyberattack and not an attack in and of itself.
Scareware is often part of a multi-prong attack which incorporates social engineering techniques and spoofing to heighten the sense of urgency and drive the desired behavior. Scareware attacks, like many forms of malware attacks, are especially troublesome in that the scammer may gain access to the user’s account information or credit card details, which can put the user at risk of identity theft or other forms of fraud.
Scareware vs Ransomware
Scareware commonly falls into the category of a ransomware attack in that the cybercriminals’ end goal is to have the user download ransomware software. Ransomware is a type of malware that denies access to a user’s system and personal information, and demands a payment (ransom) to regain access.
That said, while some types of scareware lead to ransomware attacks, others are more of a nuisance. For example, these attacks may simply flood the screen with pop-up alerts without actually damaging files.
Bart is Senior Product Marketing Manager of Threat Intelligence at CrowdStrike and holds +20 years of experience in threat monitoring, detection and intelligence. After starting his career as a network security operations analyst at a Belgian financial organization, Bart moved to the US East Coast to join multiple cybersecurity companies including 3Com/Tippingpoint, RSA Security, Symantec, McAfee, Venafi and FireEye-Mandiant, holding both product management, as well as product marketing roles.
