Despite widespread awareness of viruses and the havoc they wreak, scammers still routinely fool unsuspecting computer users into infecting their own machines.  One tactic the cyber criminals use is so-called “scareware.”  By understanding how it works, you can help prevent yourself from becoming a victim.

Scareware is a program that masquerades as a legitimate antivirus program, telling the user that his computer is infected.  A pop up window might appear on the screen, for example, saying a virus has been detected and that activating this particular program will eliminate the virus from the computer.  The pop up window looks like a legitimate warning message and thus, sometimes the user is duped.

If the user tries to close the pop up, successive pop ups might appear with more frightening language about the supposed discovery of viruses and more earnest warnings about the need to install the program to remove them.

If at any point the user agrees to let the program run, he might be asked to purchase the software and turn over his credit card information.  Afterward, the bogus software might tell the user it has cleaned up the problem, which in reality never existed, and/or it might install a real virus giving the cyber criminal access to the user’s computer.

Usually this type of malware is acquired by visiting less-than-reputable web sites, but it has been known to even infect otherwise safe sites such as the New York Times.  Scareware can also appear as a result of opening an infected attachment to email or downloading an infected file from a web site.

To protect against this scam, you should follow basic security practices.  For example, keeping your operating system updated, which we discussed earlier in the article “4 More Ways Small Businesses Can Thwart Cyber Crime,” can help keep scareware at bay.  Only using trustworthy antivirus software products from established companies is also important.

According to Microsoft, you should keep your firewall turned on all the time, and install antispyware if your antivirus software doesn’t have it built in.

The FBI recommends that those who have been infected with scareware file a report with its Internet Crime Complain Center.  However, because many cyber criminals operate outside of the US and because they can cover their tracks pretty well, bringing them to justice can prove difficult.

So treat with skepticism any emails, web sites, or files that seem even remotely suspicious or unusual.  And remember that, as a Philadelphia Inquirer columnist described, “the Internet police are badly outgunned, and that the World Wide Web is still the Wild Wild West.”