Logo
  • You are here:
  • Home
  • News
  • ‘Scareware’ alert to web users
  • E-mail
  • Print
  • PDF

‘Scareware’ alert to web users

 

16 November 2010

Security-conscious internet users have been warned about a new scam which plays on their knowledge and fear of cybercrime to empty their bank accounts.

Rogue anti-virus, AV scams, fake malware, and scareware are all terms to describe the highly organised criminal operation identified this week by Get Safe Online, a joint initiative between the Government, SOCA and the private sector.

The scam imitates the style of trusted IT brands to issue phoney alerts and frighten web users into believing their computer has been compromised. The solution it offers is a ruse to get access to the computer and steal personal financial information.

How does the scam work?

A web user gets a pop-up on screen or a cold call from an IT ‘help centre’ claiming that their computer might be infected by a virus or other malicious software. They are offered a free scan to identify the threats. If they accept, an authentic looking anti-virus scan appears to take place. In reality this is no more than an animated sequence.

The scan finds a frightening list of infections and recommends software to fix them. There is a charge for downloading the full anti-virus package and the user unwittingly hands over their bank account details to a criminal organisation.
alt
To bypass the user’s own security software the scam provides details of a call centre to talk the user through the installation process. The call centre staff effectively direct the unsuspecting user to disable their genuine anti-virus software so the malicious software can run. Some of the fake call centres have been found to employ hundreds of people.

What are the consequences?

The best case scenario is that the user has paid money for something that doesn’t work. It’s possible though that they have paid a cyber crime group for the privilege of infecting their own computer with malicious software.

They may also have handed over information which can be abused to commit fraud against them and sold on to other fraudsters. Many of the bank details stolen this way will end up on criminal forums for compromised data.

The malicious software which the criminals have installed could put a computer under their control, either for installing further software or ‘renting’ the infected computer to other criminals for untraceable phishing attacks.

The good news – what you can do

There are simple steps that people can take to protect themselves effectively.

Keep anti-virus and anti-spyware software up to date. Make regular back-ups of files containing sensitive information, and secure all wireless networks. Always protect personal and financial data when you are online.

If you do see a pop up or you are directed to a site by a cold caller, check it out before doing anything. Some online forums will identify fake products.

If you think you are a victim of a fraud, report it by contacting the Action Fraud website. You will be given a crime report number.

More information on protecting yourself is available from the Get Safe Online website.

Sharon Lemon, Chair of Get Safe Online and SOCA’s Deputy Director of Cybercrime, said:

“This is big business. In recent cases, we have seen gangs employing 300-400 people to run their operations and using call centre scale set ups to target victims en masse. They can also be paying out as much as $150,000 a month to individual webmasters who are unwittingly advertising their fake software. This level of investment from criminals indicates that the returns are much heftier than this.”

Baroness Pauline Neville-Jones, Minister of State for Security, said:

“Given that our latest research indicates 80% of UK internet users have never heard of these ‘IT helpdesk’ scams, yet almost a quarter have been approached by them, it is vital that we make people aware of this threat. While it’s encouraging to see that UK web users are today more security-aware, criminals will always try to be ahead of the game and will use increasingly sophisticated methods to take advantage where they can. However, equipped with the right information, there’s no need for anyone to be deterred from going online or from protecting their computers with the right security software.”

Tony Neate, Managing Director of Get Safe Online, said:

“Web users should ignore ‘cold calls’ from companies offering free virus checks and be very cautious of any on-screen pop ups. Most reputable IT providers do not approach customers in this way without prior notice or a direct request.”







© SOCA Serious Organised Crime Agency
All rights reserved 2012