Monday, October 19, 2009
Millions tricked by 'scareware'
Symantec says more than 40 million people have fallen victim to the "scareware" scam in the past 12 months.
The download is usually harmful and criminals can sometimes use it to get the victim's credit card details.
The firm has identified 250 versions of scareware, and criminals are thought to earn more than £750,000 each a year.
Scareware sellers use pop-up adverts deliberately designed to look legitimate, for example, using the same typefaces as Microsoft and other well-known software providers.
They appear, often when the user is switching between websites, and falsely warn that a computer's security has been compromised.
If the user then clicks on the message they are directed towards another site where they can download the fake anti-virus software they supposedly need to clean up their computer - for a fee of up to £60.
Con Mallon, from Symantec, told the BBC the apparent fix could have a double impact on victims.
It is very prevalent and it's growing very quickly out there on the internet
"Obviously, you're losing your own hard-earned cash up front, but at the back end of that, if you're transacting with these guys online you're offering them credit card details, debit card details and other personal information," he said.
"That's obviously very valuable because these cyber criminals can try to raid those accounts themselves or they can then pass them on or sell them to others who ultimately will try to use that information to their benefit not yours."
The findings were revealed in a report written following Symantec analysis of data collected from July 2008 to June 2009. Symantec said 43 million people fell for such scams during that period.
It has become so popular that the rogue software has been franchised out.
Fake reviews help build the credibility of bogus anti-virus software.
Mr Mallon said some scareware took the scam a step further.
"[They] could hold your computer to ransom where they will stop your computer working or lock up some of your personal information, your photographs or some of your Word documents.
"They will extort money from you at that point. They will ask you to pay some additional money and they will then release your machine back to you."
The scam is hard for police or other agencies to investigate because the individual sums of money involved are very small.
Therefore, experts say users must protect themselves with common sense and legitimate security software.