Organized criminal gangs are exploiting security-conscious internet users by tricking them into downloading and paying for anti-virus protection which is actually malicious software – known as scareware – in disguise.
Often operating on a commercial scale, these gangs target victims through cold calls and by deceiving legitimate webmasters into advertising phony software on a ‘pay per download’ basis.
Evidence from some of the most serious ‘malicious anti-virus’ (also known as rogueware) cases known to date indicates that organized gangs stand to make millions while victims are left out of pocket, their bank details stolen and their computers seriously compromised, say experts at GetSafeOnline.org, the UK’s national internet security initiative.
Typically posing as help desk staff from legitimate IT companies, fraudsters prey on consumers concerned about protecting their computers by trying to sell them fake security software or by warning them that their machine has been infected and they have to pay to fix the problem.
Victims are misled into thinking that their computers are infected with malicious software which can be fixed at a nominal cost – usually around £30 ($50) to download a patch. The ultimate goal is to obtain credit card information or secure remote control of the victim’s computer for other illegal activity, such as identity fraud or launching phishing attacks that are then untraceable.
New research by GetSafeOnline.org indicates that almost 1 in 4 (24%) UK adult web users have been approached by someone claiming to be from an IT helpdesk offering to check their computers for viruses.
Webmaster operations are believed to be widespread, sending out thousands of messages and only needing a small percentage of successful responses to be profitable.
Nearly half (48%) of UK web users say they have seen a pop-up window on their PC claiming that their computer has been infected by a virus.
Dr Emily Finch, criminologist at the University of Surrey, explains the psychology behind the success of these scams: “The general public is more internet security-aware than it was five years ago – malicious AV scams are an indication that criminals are now tapping into this. Rather than exploiting our ignorance – the basic premise of common scams such as phishing – they are actively using our knowledge and fear of online threats to their advantage.