# Scareware

This video describes how scareware works and shares examples of these attacks.
7
In this video, we’re talking about fake error messages, and we’re going to take a look at what scareware is and talk about what it actually is. So how these attacks typically work are, first of all, Amygdala hijacking. And we did talk about this in the social engineering part of this course. So if you forgot, Amygdala hijacking is essentially a personal or emotional response that is immediate and overwhelming, and that’s a term coined by Daniel Goleman.
38
Now, essentially, when these come up, we have a fear that we’ve done something wrong and that we’re caught, fear that something bad has happened to our computer, and it needs immediate remediation, fear that something is going to happen if we don’t take action that it’s telling us to take, and also fear of authority, fear of authority in that we must comply with what is being asked of us. So let’s take a look at some examples here. Now, this was a really popular one that went around a while back. And typically, this worked by, you’re surfing the web, all of a sudden your screen gets locked, this giant, scary looking splash page comes up on your computer. You can’t close it.
87
There’s nowhere to close it, there’s no back button. It just pops up on your computer and locks up your screen. And in big red bold letters, it says, your computer has been locked. This operating system is locked due to the violation of federal laws of the United States of America, article 1, section 8, clause 8, article 202, article 210 of the Criminal Code of the USA provides for deprivation of liberty for four to twelve years. So right there, it’s scary. You can’t close this thing. It just pops up on you, no warning, and all of a sudden, it says your computer has been locked, which essentially, it did kind of lock up your computer.
127.1
And it’s saying that the feds locked your computer. And they’re naming off these different penal codes and saying that you can go to jail for four to 12 years, and violations were detected. They have your IP address, that you were on these horrible websites, pornography, child pornography, zoophilia, child abuse, all these horrible things. And that your computer is locked, and they’re going to take immediate legal action against you. Now, in order to not be arrested, you’re supposed to pay a $200 fine, and that you have 72 hours to pay the fine, or you will be arrested. 170.1 And then it goes on to say how you could pay this$200 fine, which is you’re supposed to go get these Green Pak or Western Union type payment methods, and they’ll walk you through how to, who to pay. Now, again, this is a pretty scary looking thing. It looks fairly official. It’s big. It’s scary. It has the Department of Justice FBI seal on there. And your computer, legitimately, got locked up to a certain degree. And again, they’re citing these different penal codes, and they’re telling you they have your IP address. They have recorded doing these horrible things and you have 72 hours to comply. So this puts a sort of scarcity on you.
218.1
You have a small window to pay this off, or you will be arrested. And for the most part, a \$200 fine isn’t really that far out of most people’s budget, especially when you’re looking at the feds coming after you and thrown you in jail for four to 12 years. That seems pretty minor. But there’s a lot of scary things here. Again, your computer locked, FBI seal, threat of going to jail, and also you have things like they have your IP address, they have you doing these bad things, and you have three days to, essentially, pay off the fine. And this was, again, a really popular scam. It scared a lot of people.
261.4
I’ve known people that I’ve worked with that this came up, and they were freaking out even though they didn’t do anything bad, they were just legitimately going on there and surfing the web, no horrible websites. It just hit a lot of different places. But again, this was really scary. Now, this is another one. Warning! Your computer may be infected. System detected two potentially malicious virus rootkits. And they name off these viruses. And in order to get rid of it, you need to call the tech support line right away, and they will help you get rid of this. And to make it a little bit more legitimate, they would generally show your real IP address on there.
302.9
So if you went online, you checked your IP, or you ran the console and checked your IP, you go, OK, well, that matched. And wow, my computer is infected by a virus. It looks like my antivirus popped up. I better call this number. And what typically happened is you call the phone number, and the person on the other line would kind of walk you through some things, and you go, OK, well, try this. Wow, that looks bad. OK, well, yeah, you have a virus.
331.6
Give me your credit card number. We’ll run it. We’ll get you the software to clean it. And then they would steal your credit card information. And they would bill you, and you would never get rid of this thing, and you really didn’t have a virus on you computer, this is just an annoying scareware tactic. Now, this one’s a little bit different, and this looks pretty good for most people because if you’re running Windows, which a lot of people are, it looks like Windows pops up on your computer and says Windows is running, you have this virus on here, it starts scrolling through, rattling off all these viruses. And it looks like your computer is actually popping this from Microsoft.
376.6
And then it’ll give you a very helpful 800 number that you would call, and a person would answer that they’re from Microsoft tech support. And again, same type of scam. They will walk you through, try this and try this, OK, well, OK, we’re going to try to clean the virus this other way. Well, it’s not working. Well, you’re going to have to pay for the additional service to get rid of this virus. And they’ll tell you how dangerous it is to have this virus, and you need to get rid of it immediately. Again, they would charge you, take your money, and probably take your credit card information to use later. Again, it’s another scam. It’s not a real virus.
412.8
It’s just designed to scare you and make it look like one.

This video describes how scareware works and shares examples of these attacks.

In previous videos, we reviewed how hackers can use social engineering to target you. To review social engineering, see step 1.13 Social Engineering: Overview. This video explains how hackers use social engineering in the form of scareware.

Investigate and share: Scareware takes advantage of our emotive responses and can be very effective. Find an article on a case where scareware was effective, and share your findings in the comments section below.