Have you ever been surfing the Internet, minding your own business, when suddenly a pop-up appears, warning you that you have a virus? And, as luck would have it, the pop-up offers a downloadable tool that will cure your ills — for a small fee, of course.

I have good news and bad news. The good news is you probably didn’t have a virus on your computer. The bad news is if you clicked the pop-up and downloaded the software, you probably do now.

Those warnings and alerts are scams, part of a family of malware dubbed "scareware," because they scare you into installing them by claiming to have detected a virus or other trouble. When the fee is paid, the software goes through a phony cleanup process and declares your computer error-free. The reality is there was probably nothing to fix and, unfortunately, the program now installed on your computer could be harmful. The new software may cause your computer to exhibit signs of malfunction, such as displaying fake crash animations or selectively disabling parts of your system in an effort to entice you to pay for more "repairs." They may also direct you to disable legitimate security software or your firewall, making you more vulnerable to other attacks.

The most common "scareware" is fake anti-virus software. These pop-ups can be quite convincing, even pretending to go through a scan of your computer and invariably finding something that needs to be fixed "immediately." Other common scams include "registry cleaners" that claim to fix corruption on your computer or help speed it up.

Wikipedia maintains a list of known scareware at en.wikipedia.com/wiki/List_of_rogue_security_software, but it isn’t all-inclusive.

Scareware also may contain keystroke loggers that record your login information for the websites you use, such as online banking. They can enable your computer to send spam or attack other computers over the Internet. Just a couple of years ago, a network of more than 1 million computers was discovered to be infected with the same fake anti-virus program.

How do you know if such a program is installed on your computer? First, make sure you have a bona fide and up-to-date anti-virus program installed. Commercial anti-virus applications are made by Symantec, McAfee, Sophos, eSet and Kaspersky, just to name a few. Check with your Internet service provider, or ISP, to see what it recommends. Most service providers offer their residential customers a free anti-virus application as part of their package.

If you can’t afford a commercial anti-virus application and your ISP doesn’t offer a free one, there are other free options, such as Avast, Comodo and AVG, which aren’t as thorough but are better than nothing. Once you have a proper anti-virus application installed, become familiar with it so you will not be tricked into fake software reporting a virus.

The best thing to do to eliminate scareware is to boot your computer into "safe" mode and run a scan using your legitimate anti-virus application or cleanup tools such as Malwarebytes, Comodo Cleaning Essentials or Microsoft’s Windows Defender Offline.

If you suspect you’ve been a victim of fraud and provided your credit card information, cancel your credit card and review your statement for fraudulent charges. Don’t be embarrassed if this has happened to you; these types of scams aren’t always easy to detect. The most important thing is to be vigilant and take precautions to protect yourself in the future.

———

Hawaiian Telcom Information Security Officer Beau Monday is a local Cybersecurity expert. Reach him at Beau.Monday@hawaiiantel.com.