Looking at Fake Error Messages

In this video, we’re talking about fake error messages, and we’re going to take a look at scareware and what it is. So first of all, what is scareware? Scareware is typically a pop-up that’s going to happen to us when we’re, typically, surfing the internet. And it’s going to try to elicit fear and make us do something that may not be in our best interest. So how do these attacks work? Primarily, the attack vector is going to be what’s called amygdala hijacking. And the amygdala is a part of your brain that keeps us from doing things that may not be in our best interests– things like walking into traffic.

So amygdala hijacking is essentially a personal or emotional response that is immediate and overwhelming. That’s a term coined by Daniel Goleman. So going back to what it is, it’s going to make us take action, take action without thinking, even if it’s not in our best interests. And we’re going to take a look at some examples in a moment. That also means that this works by fear. So fear that we’ve done something wrong. Fear that we were caught doing something wrong, even if we didn’t do it. Fear that we did something bad. Fear that something bad is going to happen to our computer or us, and needs immediate remediation.

And again, fear is a very effective, very popular way of amygdala hijacking. There are other ways for amygdala hijacking, such as flattery and whatnot. But most of the time the scareware is going to use fear. Thus the term “scareware,” because it’s trying to scare us into taking action. So let’s take a look at some examples. The first one’s the FBI example. And this was a really popular one a while back. Now what would happen is, you would go to a website, usually a questionable website, and all of a sudden this giant banner would pop up in your computer that you wouldn’t be able to close. It had the FBI logo.

It said, “your computer has been locked” in bold red letters. It would have a federal law quoted in there. Your IP address was supposedly logged, and it found you going to a pornographic website– child pornography, zoophilia, child abuse, or any number of horrible things. And that your computer has been locked. And that unless you pay the FBI $200 or $250, $300– the amount actually varied– and you would have to pay using a prepaid card or a Western Union payment, all these other payment services. But if you didn’t pay within 72 hours, that the FBI would come to your door and arrest you.

So this clearly elicits fear, fear of authority, that the FBI would come to your house and arrest you for something that you did, or even if you didn’t do it. I know a lot of people that this popped up on really freaked out, and they were about to pay it because they felt that, well, the FBI is saying that they’re going to arrest me. I didn’t do anything, but it’s a small amount– a small enough amount that I could pay this– and this is really scaring me. So again, this is designed to elicit fear and make you take action immediately. We have a dollar amount. We have fear of authority here.

And we have a small time window, that someone has to react within 72 hours to send the money off. So this is a pretty typical example of scareware. Next one we have is a fake computer virus. So again, you browse the internet. All of a sudden this giant warning pops up. “Your computer has been infected. We found two potentially malicious files, a rootkit.” And they would have legitimate virus names in there. And you need to call the tech support line. And the tech support line would kind of walk you through some things. And then ultimately, you would have to pay some money to get the virus removed. It was actually never on your computer.

And they may sometimes even put an actual virus in your computer during the course of supposedly troubleshooting your computer. Here’s another example. This is another popular one that still pops up occasionally. It’s Windows Defender, pops up and says, “Hey, your computer’s been locked. Windows detected a virus in your computer. Contact the help line.” And you call the number. And again, a fake tech-support guy or girl would walk you through some steps. And ultimately they would say, well, you need to pay some money to get this fixed. So what happens when you pay this? You lose your money. Every one of these cases, you would lose your money if you went ahead and paid it.

So, first and foremost, do not pay for any of these scams. You will lose your money. In the event that someone did have them contact their credit card company and block those charges, a lot of the charges I’ve seen when this happened would be overseas. So how do we prevent these things from happening? So first and foremost, if it pops up, remember, these are designed to elicit fear. The attack vector is amygdala hijacking, in an attempt to scare us and take immediate action. Now, the best defence versus amygdala hijacking is to pause. Pause and think for a minute. Does this make sense? Is this going to be my best interest to do this?

Does it make sense that the police, the FBI, or whatnot, are sending me a message to pay this fine or they’re going to come to my house? And the answer should always be no. If the FBI is going to arrest me, if the police are going to arrest me, they’re not going to be really nice and send me an email, or a pop-up on my computer that, “Hey, we’re going to arrest you if you don’t pay this fine”. They’re probably going to come to your house and arrest you. If any of these come up, clear your browser cache. You can clear the cache, run a virus scan just to be on the safe side.

If you can’t close the little pop-up window, the easiest thing to do– if you’re on Windows, you could do control-delete and then close that task. Or you always could reboot. But again, I would always recommend, clear your browser cache, run a virus scan. Just err on the side of caution. So this was all about scareware. In the next video, we’re going to be taking a look at useful browser plug-ins. Thank you for watching. I’ll see you in the next video.