What is scareware? Easy tips to prevent and remove it

What is scareware? Simply, it’s a trick. Scareware mimics system alerts, virus pop-ups, and even threats of legal action to make you panic. The goal? To push you into downloading junk software, sharing personal data, or paying for fake fixes.

It’s also evolved pretty fast over the years. What started as spooky pranks turned into full-blown scams that cost users millions. Today’s scareware might hijack your browser, lock your screen, or even plant ransomware.

In this guide, we’ll explain what scareware is and offer some examples. Then, we’ll cover how it works by pointing out the most common scareware tactics. Finally, we’ll share some tips on how to dodge scams like these, along with safe ways to remove scareware if you’re already affected.

What is scareware?

First things first, scareware is a cyber threat that uses social engineering to trick users into downloading malware, buying unnecessary apps, or sharing sensitive data.

The most common scareware tactic involves fake virus pop-ups and banners. Scareware websites use them to make you believe your system has been compromised, then offer bogus antivirus software to “fix” the issue.

Famous scareware attacks

Scareware started out as prank software designed for actual spooks. NightMare, the earliest known example, flashed an image of a skull and played a loud shriek every five minutes.

Meanwhile, scareware, such as “Virus: The Game,” simulated the deletion of the Windows folder as part of its gameplay. Ironically, antivirus software typically did delete it, despite in-game text reassuring users that it’s only a game.

Unfortunately, it’s not all fun and games. Scareware scams have escalated, drawing serious law enforcement action. In 2023, Spanish police arrested a fugitive linked to a global scheme that affected nearly 1 million users and caused $72 million in damages.

Nowadays, cyber campaigns like ApateWeb use hundreds of thousands of domains to distribute scareware, useless bloatware that slows down your device, or lead users to ransomware pages and lock them out of their systems.

How does scareware work?

Scareware scams come in various forms, including:

• The aforementioned virus banners and pop-up ads, along with fake system alerts that mimic Windows or Mac notifications, legitimate software updates, and so on.
• Fake progress bars that claim to scan your system for threats, often accompanied by ALL CAPS text and urging immediate action.
• Tech support scams have also made a resurgence in recent years, often targeting elderly and less tech-savvy users and scaring them into an urgent call.
• Impersonating law enforcement and threatening legal action or fines after supposedly finding illegal content on your hard drive.
• Forced download sites that won’t let you leave unless you download their supposed security tool or “system cleaner” software.
• SMS messages that seem to come from a trusted source (such as your bank or phone provider), saying you need to install a security update, verification app, or urgent fix.
• Phishing emails are designed to look like the real deal, common ones are insurance, healthcare, and PayPal scams.

No matter how it looks, all scareware has one goal: pressuring you into acting out of fear. That could mean installing malware, paying for useless software (e.g., PC Fixer 2025), handing over personal information, or even giving scammers remote access to your device.

Can scareware affect mobile devices?

Yes, scareware can target mobile devices, especially if you use third-party app stores, visit shady websites, or tap any phishing links. Even the Google Play Store has had instances of fake antivirus apps that secretly installed malware, with misleading names like:

• Antivirus, Super Cleaner
• Atom Clean-Booster, Antivirus
• Alpha Antivirus, Cleaner
• Center Security – Antivirus

Attackers may also compromise ads on legit publications, or use router viruses to redirect you to scareware websites. A Reddit user shared this example, noting it only showed up when using their parents’ home network.

There are a couple of telltale signs of a scareware/phishing scam in the image, including:

• Advanced Protection mode being a non-existent feature (aside from iCloud’s Advanced Data Protection, which we’ve highlighted in our iCloud vs Google Drive guide)
• “Back to safety” and “turn on Advanced Protection mode” are underlined, suggesting a link where one shouldn’t exist
• Several grammar errors (“your IOS,” the extra period after “mode”)
• The suspicious “.life” URL in the address bar

Details like these may slip by when you’re hit with a threatening red screen. Some forms of scareware even include a timer to put on the pressure. Regardless of the warning on screen, you should close the tab/browser and avoid installing anything.

How to prevent scareware effectively

Whether you’re on PC or mobile, here are some surefire tips to prevent scareware:

• Ignore malware warnings in pop-ups: If a sudden alert claims your system is infected and demands a download, it’s a scam.
• Install uBlock Origin or other blockers: Ad-blocking extensions (especially community-driven ones like uBO) take care of scareware by blocking malicious ads, pop-ups, and on-page scripts that “block” your browser, among others.
• Get a secure VPN with adblock: A decent alternative considering Google is sabotaging ad-blockers and uBlock Origin doesn’t work on iOS. VPNs also secure your traffic with strong encryption, which is useful on public wi-fi and other unsafe networks.
• Avoid sketchy downloads: Never install software from unknown sites or enter payment details for unfamiliar programs. Look for user reviews on TrustPilot, Reddit, and other online communities, as they may quickly point out if the app is a scam.
• Update your browser and OS: This patches potential vulnerabilities hackers might exploit on scareware websites.
• Use a trusted antivirus service: If you accidentally download any apps peddled on scareware pages, your antivirus will deal with it automatically. Remember that reliable anti-malware vendors will never use scare tactics to sell you a product.
• Enable two-factor authentication (2FA): Even if scareware extracts logins from your computer, attackers won’t be able to access your accounts while you have 2FA.

How to get rid of scareware

Prevention is the name of the game when it comes to scareware. If your antivirus doesn’t stop it, removal can be tricky. Before attempting to get rid of scareware, follow these steps to minimize damage:

• Disconnect from the internet: Unplug your router or turn off Wi-Fi/mobile data to stop malware from sharing your info with attackers.
• Power off your device: Afterwards, a tech-savvy user can isolate and scan your hard drive without launching any installed malware.
• Update your passwords immediately: Prioritize your main email, financial accounts, and other sensitive services.

Your next move should be to boot your device in Safe Mode and delete any suspicious apps. Here’s how to do so on Windows and Mac.

How to remove scareware from Windows

1. Press the Windows key + X.
2. Hover over the Shut down or sign out option.
3. Hold down the Shift key and click Restart.
4. Navigate to Troubleshoot > Advanced options > Start-up Settings.
5. Click Restart and press F4 on your keyboard to enable Safe Mode.
6. Press the Windows key again, then look up and click Add or remove programs.
7. Uninstall any programs you don’t recognize (click the three dots > Uninstall). You can sort apps by Date installed to speed up the hunt for scareware.

Microsoft Edge users can also enable the browser’s new AI-powered Scareware blocker. Head over to Settings > Privacy, search, and services > Security and toggle it on.

How to get rid of scareware on Mac

1. If it isn’t already, shut down your Mac.
2. Press and hold the power button until you see Loading startup options.
3. Choose a startup disk (usually called Macintosh HD).
4. Hold down the Shift key and click Continue in Safe Mode.
5. Click the Apple logo on the top left, then System Settings.
6. Go to General > Storage and click on the ⓘ next to Applications.
7. Identify any suspicious apps, select them, and click Delete. If the button is greyed out, look for the Open Uninstaller option on the left instead.
8. Confirm your choice to finish up.

What to do next

Whichever platform you’re on, we recommend resetting your browser to its default state. That way, you remove any malicious extensions, stored cookies and cache, hijacked homepage or search engines, and any other settings that may lead you to a scareware website.

Of course, some scareware variants may disable security tools, block Safe Mode, or even encrypt your system files to demand a ransom. Simply uninstalling or deleting the app may not work, as some scareware can reinstall itself.

Consider formatting your hard drive if the threat returns. While this can remove most malware, be aware of the Master Boot Record (MBR)—a section of your drive where infections can persist even after formatting. It’s best to consult an expert to ensure it’s fully cleaned.

Otherwise, you should regularly back up your files, in case you end up having to format everything. Losing important documents, photos, and other valuable data over “Windows Fixer” or an annoying pop-up can really sting.

What is scareware: FAQs

See also: