The Fake Security Tool Scam - One particularly effective online scam tries to fool users into downloading malicious software. Here is a step-by-step guide on how to avoid getting infected.
You are playing a popular family game, and you realise you’ve run out of score cards. You go to the web to look for some you can print out, so you click on one of the links
Suddenly your computer tells you you’re infected, and you need to perform a scan.
Clicking "ok" appears to run a Windows folder scan
A lot of malware is detected
You are given the option to remove the threats…
…And to run some antivirus software.
This leads to a further scan…
…Followed by a message asking you to activate the protection.
You are then asked to pay for the software by entering your credit card details. So What are the clues that this is a scam, and at what point do you become infected?
The website is a genuine website but look closely at the end of the web address. Although the website owner has no knowledge, his site has been hacked and an extra webpage has been added, called “N1rDKN4”.
Once the page is inserted, the hackers then use so-called “Blackhat” Search Engine Optimisation to force this page towards the top of Google. The popup message is generated by the website, not your operating system. You are not yet infected.
This appears to be a Windows system folder, scanning your hard drives and detecting lots of malicious software. But it’s not a separate system window - it is all an animation happening inside your web browser.
When you click the “REMOVE ALL” button you are actually telling your computer to download and run the malware.
This is the point of no return. Stop here and nothing bad will happen. All you’ve done so far is watch an animation and clicked an option.
It’s this message which is your browser warning you that you’re about to run a program, and it can’t vouch for its origin. Now, everything else is for show. No actual virus scan is occurring.
It may look professional, but the occasional spelling (confiramtion) mistake is another clue that this is not the real deal, although it is now too late. Your computer is infected, it is now part of a botnet and will begin to carry out background tasks.
Oh, and if you do give your credit card details, you’re not actually achieving anything other than handing them directly to the cybercriminals.
If you do stop before you click “Run”, you may find that the malicious page won’t let you leave. Hold down the CTRL and ALT keys and press the Delete key. Click on the Applications tab at the top then "end task" the icon that represents your browser.