What is scareware? Understanding fake virus alerts


You’re browsing the web when—bam!—a flashing pop-up warns that your device is infected. The message is urgent: “Your system is at risk! Click here to fix it now.” Maybe it looks like an official antivirus alert, complete with a countdown timer. Panic sets in. Do you click?

This is scareware in action. It preys on fear, tricking users into downloading fake security software or paying for bogus virus removal. Sometimes, it’s just an annoying pop-up. Other times, it can install real malware, steal data, or even lock your device.

In this guide, we’ll break down what scareware is, how to recognize it, and what to do if you’ve fallen for a scam. You’ll also learn how to remove scareware safely and the best ways to protect yourself from future attacks.

Scareware definition and how it works

Scareware is a malware scam designed to trick people into believing their device is infected with a virus. It relies on fake virus alerts, aggressive pop-ups, and fraudulent warnings that create a sense of urgency. These messages often claim your device is at risk and urge you to download security software or pay for a fix—but it’s all a scam.

These pop-ups may look legitimate, sometimes mimicking real antivirus brands. They often include fake scans, warning sounds, and countdown timers to pressure you into clicking. But if you do, you could end up downloading malware, giving away personal data, or paying for a worthless service.

Scareware vs. ransomware: Key differences

Scareware and ransomware use fear to manipulate victims, but they work differently. Scareware tricks you into installing bogus security software or handing over payment for a fake fix. Ransomware locks your files or device and demands a ransom to restore access. Essentially, scareware relies on deception, while ransomware uses extortion. 

Let’s explore the difference in more detail.

| Scareware | Ransomware |
| --- | --- |
| Tricks people into installing fake security software or paying for unnecessary services. | Locks files or devices and demands a ransom for access. |
| Often seen as fake pop-up warnings while browsing. | Spreads through phishing attacks, malicious downloads, or vulnerabilities. |
| The goal is to scare you into paying. | The goal is extortion: you must pay to recover your files. |

How does scareware spread?

Scareware spreads through multiple tactics, preying on fear and urgency:

  • Fake virus alerts on websites: You visit a site, and suddenly a pop-up claims your device is infected. The message urges you to download software or call a “tech support” number.
  • Aggressive pop-up ads: These ads disguise themselves as security warnings, often making it hard to close them. Clicking anywhere could trigger a download, even if it’s just the “X” button.
  • Phishing emails: Scammers send phishing emails pretending to be from reputable security companies, warning you of a virus and pushing you to take action.
  • Malicious software downloads: Some scareware is bundled with free software downloads, disguising itself as a security tool. Once installed, it bombards you with alerts demanding payment for fake virus removal.

These methods rely on social engineering—they create panic and pressure you into acting without thinking.

How will scareware affect you?

Falling for a scareware attack can lead to serious risks:

  • Malware infections: Some scareware does more than spam you with alerts. It can install spyware that tracks your online activity or even logs your keystrokes.
  • Stolen personal information: If you enter your credit card details or other sensitive information to “fix” the issue, cybercriminals can steal it for identity theft or fraud.
  • Unwanted charges: Many scareware scams trick people into purchasing fake antivirus software that does nothing except charge them for a useless program.
  • Potential ransomware attacks: Some scareware isn’t just annoying—it can be a gateway to more severe threats like ransomware, which locks your files until you pay a ransom.
  • Fake tech support scams: Some scammers don’t stop after the first attack. They may follow up, claiming you need ongoing technical support to scam you out of even more money.


How to recognize and detect scareware

Scareware thrives on deception and fear, using fake warnings to pressure you into downloading malware or paying for fake security software.

Common scareware tactics

Cybercriminals use psychological manipulation and technical tricks to make scareware appear urgent and convincing. Here are some of their most effective tactics.

1. Fake virus scans and security warnings

Scammers create web pages that mimic antivirus software, showing an instant “scan” that falsely claims your system is infected. These fake scans are designed to:

  • Display a list of supposed threats in real-time, even though no real scan is happening.
  • Use red text, warning symbols, and urgent language to create panic.
  • Push you to download a “security tool” that is really malware.

Legitimate antivirus software never runs a scan from a website without first being installed on your device.

2. Persistent pop-ups that trap you on the page

Some scareware sites use pop-ups that are difficult or impossible to close, pressuring you to act. These may:

  • Disable the back button or prevent you from leaving the page.
  • Trigger endless pop-ups, each one claiming your device is in danger.
  • Warn you against closing the page, claiming it could “damage” your system.

A real security alert won’t trap you on a website or force you into clicking anything.

3. Fake tech support scams

Some scareware pop-ups provide a phone number for “tech support”, claiming you need expert help to remove threats. These scams:

  • Impersonate major tech companies like Microsoft, Apple, or Google.
  • Use scripted scare tactics—the person on the line will insist your device is compromised.
  • Ask you to grant remote access to “fix” the issue but instead install malware or steal your data.

Legitimate tech support never cold-calls people or asks for remote access through a pop-up warning.

4. Malicious ads and redirects

Scammers use malvertising—infected online ads that redirect you to scareware pages. These ads can:

  • Appear on legitimate websites, often disguised as security alerts.
  • Redirect you to a full-screen scareware warning the moment you click.
  • Install malware automatically if your device isn’t secure.

If you suddenly see a pop-up warning about an infection just from clicking an ad, it’s a scareware scam.

5. Software bundling and fake downloads

Some scareware is hidden inside free software downloads from untrustworthy sources. It may:

  • Install alongside freeware, browser extensions, or pirated programs.
  • Disguise itself as a “free antivirus tool” that actually spreads malware scams.
  • Change your browser settings to flood you with fake security warnings.

Always download software from official sources to avoid bundled scareware.

Signs you might be targeted by scareware

If you experience any of the following, you’re likely dealing with a scareware scam:

  • Sudden pop-ups warning of a virus, especially if you weren’t running a security scan
  • Warnings that won’t close or prevent you from leaving the page
  • Requests for payment to remove a threat
  • Strange security software names you don’t recognize
  • Spelling errors or odd formatting in the warning message
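
The warning signs in this section can be expressed as a simple text heuristic. The following is an added example, not part of the original article: it extracts the visible text of a saved page and reports which signs appear. The patterns, the threshold of three signs, and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics, one per warning sign described in this section.
# Illustrative patterns only, not signatures from any security product.
INDICATORS = {
    "infection_claim": re.compile(
        r"\b(is|are|has been|have been) infected\b|\b(virus|threats?) (detected|found)\b", re.I),
    "urgency": re.compile(r"\b(act now|immediately|at risk|critical (threat|alert))\b", re.I),
    "do_not_close": re.compile(r"\b(do not|don['’]?t) (close|leave|shut)\b", re.I),
    "countdown": re.compile(r"\b\d{1,2}:\d{2} (remaining|left)\b", re.I),
    "payment_demand": re.compile(
        r"\b(pay|purchase|buy)\b.{0,40}\b(remove|fix|clean|full version)\b", re.I),
    "support_number": re.compile(r"\bcall\b.{0,40}?\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}", re.I),
}

class VisibleText(HTMLParser):
    """Collects the text a user would see, skipping <script> and <style>."""
    def __init__(self):
        super().__init__()
        self.chunks, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def scareware_signs(html):
    """Return the sorted names of the indicators found in the visible text."""
    parser = VisibleText()
    parser.feed(html)
    text = " ".join(" ".join(parser.chunks).split())  # collapse whitespace
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def looks_like_scareware(html, threshold=3):
    # One sign alone is weak evidence: a genuine security article may say
    # "virus detected". Several different signs together are the tell.
    return len(scareware_signs(html)) >= threshold

# Constructed sample pages (not captured from a real site).
SCAREWARE_PAGE = """<html><body>
<h1>WARNING! Your computer is infected with 5 viruses</h1>
<p>Critical threat detected. Do not close this window.</p>
<p>Free scan offer: 4:59 remaining</p>
<p>Call Support now at (555) 010-0199 or pay $49.99 to remove all threats.</p>
</body></html>"""

BENIGN_PAGE = """<html><head><style>h1{color:red}</style></head><body>
<h1>How antivirus scans work</h1>
<p>When a scheduled scan reports a virus detected in a file, the tool quarantines it.</p>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("scareware", SCAREWARE_PAGE), ("benign", BENIGN_PAGE)):
        print(name, scareware_signs(page), looks_like_scareware(page))
```
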

Scareware examples: real-world attacks and threats

Scareware isn’t just an abstract cyber threat—it has tricked millions of people into downloading malware, handing over their data, or paying for fake security fixes. Here are some real-world examples of how it works.

Scareware pop-ups: fake virus warning alerts

One of the most common scareware tactics is fake virus alerts. These alerts often:

  • Take over your entire screen, preventing you from doing anything else.
  • Use alarming language like “Your files are at risk!” or “Critical threat detected!”
  • Display countdown timers to pressure you into clicking.
  • Mimic real antivirus software, using official-looking icons and branding.

[Image: scareware pop-up example]

The pop-up claims your system is infected and urges you to click a button to remove the virus. Instead of downloading antivirus software, clicking installs malware—often spyware, adware, or even ransomware.

If you see a scareware pop-up, don’t click anything, especially not the “X” button to close it. Instead:

  • On Windows: Press Ctrl + Alt + Delete, open Task Manager, select your browser, and click End Task.
  • On Mac: Click the Apple icon, choose Force Quit, select your browser, and click Force Quit.

After closing the browser, clear your cache and run a legitimate antivirus scan to ensure no malware was installed.

Scareware emails: phishing and malware traps

Scareware isn’t limited to pop-ups. It also spreads through phishing emails designed to look like urgent security warnings. These emails:

  • Appear to be from reputable sources like Microsoft, Apple, or your bank.
  • Warn that your account has been hacked or your computer is infected.
  • Contain malicious links or attachments that install malware if clicked.

These emails spoof legitimate addresses and use urgent language to make you act fast. They might ask you to download a “security patch” that is really malware, or direct you to a fake login page to steal your credentials. Some scareware emails also offer “technical support” that convinces you to install a harmful program.

To keep yourself safe, don’t click on links or download attachments from unknown senders. You should also:

  • Hover over links to see if the URL looks suspicious before clicking.
  • Verify emails by contacting the company directly—never use the contact details in the suspicious email.
  • Enable spam filters and use email security software to detect phishing attacks.
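
The “hover over links” check can be automated for a saved HTML email. This added example (not from the original article) compares each link's visible text with its real destination and flags hosts that only imitate a brand. The brand allowlist, the finding names, and the sample message are constructed assumptions.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist: brand keyword -> the domain that brand really uses.
BRANDS = {"microsoft": "microsoft.com", "apple": "apple.com"}
DOMAIN_IN_TEXT = re.compile(r"([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})")

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def check_link(href, text):
    """Return the reasons a link deserves a closer look (empty list = none)."""
    host = (urlsplit(href).hostname or "").lower()
    findings = []
    shown = DOMAIN_IN_TEXT.search(text.lower())
    if shown:
        shown_domain = re.sub(r"^www\.", "", shown.group(1))
        if not belongs_to(host, shown_domain):
            findings.append("text_shows_other_domain")
    for brand, domain in BRANDS.items():
        # e.g. "microsoft.com.something.example" is not a Microsoft host
        if brand in host and not belongs_to(host, domain):
            findings.append("brand_in_foreign_host")
    try:
        ipaddress.ip_address(host)
        findings.append("ip_address_host")
    except ValueError:
        pass  # host is a name (or empty), not a raw IP address
    return findings

def audit_email(html):
    """Map each suspicious href to its findings; clean links are omitted."""
    parser = LinkCollector()
    parser.feed(html)
    return {href: f for href, text in parser.links if (f := check_link(href, text))}

# Constructed sample message using reserved example hosts and addresses.
SAMPLE_EMAIL = """<p>Your PC is infected. Install the security patch now:</p>
<a href="http://microsoft.com.security-update.example/patch">www.microsoft.com/security</a>
<a href="http://192.0.2.15/login">Verify your Apple ID</a>
<a href="https://support.microsoft.com/help">Microsoft Support</a>"""

if __name__ == "__main__":
    for href, findings in audit_email(SAMPLE_EMAIL).items():
        print(href, findings)
```
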


Famous scareware attacks and notable cases

One of the earliest major cases was the Secure Computer lawsuit in 2006. Microsoft and the Washington state attorney general took legal action against Secure Computer, which sold a scareware program called Spyware Cleaner. The software falsely flagged harmless files as high-risk threats, pressuring people into paying for unnecessary security fixes. Making matters worse, the company misrepresented its product as being endorsed by Microsoft, misleading thousands of people into thinking they were installing a legitimate security tool.

In 2010, the Minneapolis Star Tribune malvertising scam made headlines. Visitors to the newspaper’s website were unknowingly exposed to infected online ads as part of a widespread malvertising campaign. Clicking on these ads redirected people to fraudulent websites, where they were bombarded with scareware pop-ups claiming their devices were infected. 

Many of these fraudulent sites tricked visitors into downloading malware or purchasing fake security software. This attack was particularly dangerous because it exploited a trusted news website to spread scareware, showing that even legitimate platforms can be used to deliver cyber threats.

Another major case involved a fake version of Microsoft Security Essentials, which circulated in the 2010s. Cybercriminals developed a counterfeit version of Microsoft’s well-known antivirus program, tricking people into installing what they believed was a legitimate security tool.

Once installed, the fake software scanned devices and falsely reported infections, then demanded payment for a “full version” to fix the supposed issues. This scam deceived thousands of people into paying for a worthless product while unknowingly installing real malware on their devices.

How to remove scareware and get rid of fake virus warnings

If you’ve encountered fake virus alerts or persistent scareware pop-ups, don’t panic. Scareware is designed to make you act out of fear, but you can remove it safely without falling for the scam. 

Step-by-step guide: how to remove scareware safely

The first step to removing scareware is to uninstall the program from your computer or mobile device. Follow our step-by-step guides to help you.

Removing scareware from Windows

1. Close the scareware pop-up: Don’t click any buttons on the pop-up, including “Close” or “X,” as these may trigger malware downloads. Instead, use Task Manager to force close your browser.

  • Press Ctrl + Alt + Delete and select Task Manager.
  • Find your browser under the Processes tab.
  • Click End Task to force close it.

2. Restart in Safe Mode:

  • Press Windows + R, type msconfig, and press Enter.
  • Under the Boot tab, check Safe boot and select Network. Click OK and restart.

3. Uninstall suspicious programs:

  • Go to Control Panel, then click Programs.
  • Select Uninstall a program and look for unfamiliar or recently installed software.

4. Run a full scan with legitimate antivirus software: Use Windows Defender or a trusted third-party antivirus to detect and remove any malware.

5. Clear browser cache and reset settings:

  • Open your browser and go to Settings, then Privacy & Security.
  • Click Clear browsing data.
  • Reset your browser settings to default under Advanced settings.

Removing scareware from Mac

1. Force quit your browser:

  • Click the Apple menu, then Force Quit.
  • Select your browser and click Force Quit.

2. Restart your Mac in Safe Mode:

  • Shut down your Mac and turn it on while holding the Shift key.
  • Once in Safe Mode, scan your system for malware.

3. Check and remove suspicious apps:

  • Open Finder, then Applications, and look for any unknown programs.
  • Drag them to the Trash, then empty the Trash.

4. Reset your browser settings:

  • Open Safari, Chrome, or Firefox, go to Preferences and reset to default settings.

5. Run a malware scan:

  • Use Mac’s built-in security tools or a trusted antivirus program like Malwarebytes.

Removing scareware from Android and iPhone

On Android:

  • Reboot into Safe Mode by holding the power button and long-pressing Power off, then selecting Safe Mode.
  • Go to Settings and Apps, look for unfamiliar apps, and uninstall them.
  • Run a security scan using Google Play Protect or a trusted antivirus.

On iPhone:

  • If a pop-up won’t close, force quit Safari (swipe up and close it).
  • Clear Safari history by going to Settings, then Safari, and Clear History and Website Data.
  • Remove suspicious profiles under Settings, then General, and VPN & Device Management.

How do I get rid of virus warning pop-ups?

Scareware pop-ups can be annoying and persistent, but they can be removed with a few quick steps:

  1. Don’t click anything: Even clicking “Close” can trigger downloads.
  2. Force close your browser: Use Task Manager (Windows) or Force Quit (Mac) to shut it down.
  3. Clear your browser cache and cookies:
     • On Chrome: Go to Settings > Privacy & Security > Clear browsing data.
     • On Safari: Open Settings > Safari > Clear History and Website Data.
  4. Reset browser settings: If pop-ups keep returning, reset your browser to default settings.
  5. Check browser extensions: Remove any unfamiliar or suspicious add-ons.
  6. Run a security scan: Use an antivirus program to check for malware.

Recommended tools and software for cleanup

To remove scareware and prevent future infections, use trusted security tools that offer real-time protection, malware removal, and web security features. Here are some of the best options:

  • Windows Defender (Windows): Windows Defender (also known as Microsoft Defender) is built into Windows and provides real-time malware detection, automatic scanning, and cloud-based protection. It effectively removes known threats, including scareware, and regularly updates its virus definitions to counter emerging cyber threats.
  • Malwarebytes: Malwarebytes is one of the best tools for removing scareware, adware, and other potentially unwanted programs (PUPs). It offers a free version for manual scanning and a premium version with real-time protection against malware, ransomware, and phishing attacks. It’s highly effective for both Windows and Mac users.
  • Bitdefender Antivirus: Bitdefender is a lightweight yet powerful antivirus that provides advanced real-time protection against scareware, malware, and phishing attacks. It includes behavioral detection to identify threats before they execute, anti-tracker features to protect privacy, and a secure browser for online banking and shopping.
  • Google Play Protect (Android): Google Play Protect is Android’s built-in malware scanner, which regularly checks installed apps for suspicious behavior and scans new downloads before they install. It also warns users about potentially harmful apps and helps remove threats automatically. It’s an essential security layer for keeping your Android device safe from scareware and fake security apps.
  • Avast or Norton: Both Avast and Norton offer comprehensive security solutions with anti-scareware protection, web filtering, and real-time malware scanning. Avast includes a free version with strong virus detection, while Norton provides more advanced features like firewall protection, identity theft monitoring, and dark web surveillance for premium users.

How to prevent scareware attacks and stay safe online

The best way to deal with scareware is to avoid getting infected in the first place. Follow our best practices to improve your online security and prevent scareware attacks.

Best practices for online security

Prevention is better than cure. Follow these cybersecurity best practices to protect yourself:

  • Use a full range of cybersecurity and network tools: A layered approach to security is the best defense against scareware and other online threats. Combine trusted antivirus software, firewalls, ad blockers, and a VPN to reduce your risk. Firewalls block malicious connections, ad blockers prevent pop-up scareware ads, while ExpressVPN encrypts your traffic to hide your activity and help stop hackers from targeting you.
  • Use genuine antivirus software: A reputable antivirus program continuously scans for threats, quarantines malware, and removes infections before they can cause harm. Avoid free or unknown antivirus software that promises too much—many of them are scareware in disguise. Stick to well-known brands like Windows Defender, Bitdefender, Norton, or Malwarebytes.
  • Never click on malware notifications: Scareware thrives on panic and urgency. If you see a pop-up claiming your device is infected, don’t click anything. Close your browser immediately using Task Manager (Windows: Ctrl + Alt + Delete, Mac: Force Quit). 
  • Enable pop-up blockers: Scareware often spreads through malicious ads and pop-ups. Preventing them is an easy way to stop scareware before it reaches your screen. Most browsers allow you to disable pop-ups in the settings:
    • Chrome: Settings > Privacy and Security > Site Settings > Pop-ups and redirects
    • Safari: Preferences > Security > Block pop-ups
    • Firefox: Preferences > Privacy & Security > Permissions > Block pop-ups


How to protect your data from fake virus alerts

Scareware doesn’t just install malware—it can also trick you into revealing personal and financial information. Here’s how to protect your data from these scams:

  • Keep your browser up to date. This helps protect against scareware pop-ups by ensuring your browser is on its latest security patch. Consider enabling automatic updates.
  • Verify new software before you buy it. Think twice before providing personal or credit card information to a company that seems suspicious. A quick Google search can help you distinguish between genuine and fake software.
  • Avoid accidental downloads. Do not use the “X” or “Close” buttons when trying to navigate away from a scareware pop-up, as this may trigger malware to download. Instead, close the window from your computer’s task manager.
  • Monitor your device for malicious activity and Indicators of Attack (IOA). After successfully removing malware with an antivirus, monitor your device for any suspicious activity.

Want to strengthen your defense against scareware? ExpressVPN adds a layer of protection by encrypting your internet connection and hiding your IP address. This makes it much harder for scammers to track you or target you with fake virus alerts and malicious ads because they can’t see you online. ExpressVPN also helps keep your personal data secure, especially when browsing on public Wi-Fi, where cyber threats can be more common. 



Elly is an experienced digital technology writer based in the UK. When she's not researching and writing about cybersecurity, you can find Elly on long dog walks, cooking a new recipe, or in the gym.