Thursday, October 29, 2009
Scareware on the rise
Scare him into it.
That's the lesson learned from the latest round of malware attacks: So-called "scareware" which tricks an infected user into thinking he has a virus or some other infestation on his computer, then extorts money from the user in exchange for "fixing" the issue.
Scareware is nothing new -- readers regular send me questions about it, all convinced they have some kind of infection that can't be remedied unless they send $30 to a Bulgarian company -- but its virulence is now becoming severe. Symantec says that 43 million people have been hit by scareware scams in the last year, and it's now a million-dollar-a-year business for some 250 practitioners of the art of selling phony security software.
Why is scareware so popular? The linked BBC article mentions two ways victims can be impacted, but there are actually three. First, the attacker gets cash from you in exchange for the "fix," so that's money straight off the top. Next comes the identity theft problem: By giving up your personal information you open yourself up to an ID theft risk, and your data can be resold to another crook, netting the original attacker a little bonus cash and victimizing the user further.