“Free Security Scans” are out to steal your money

By | February 25, 2011
Print pagePDF page

Those “Free Security Scans” could cost you time, money and a whole lot more
Windows all versions

We’ve recently had several emails come from InfoAve readers who’ve been tricked into downloading rogue security software. We thought it would be a good time to remind all of you, once again, not to fall for these malicious – and costly scams.

No doubt you’re already too well aware that on your travels around the Web you’re bound to be to come across messages telling you to install and update security software for your computer. And, you might be tempted by a “free security scan,” especially when this program or that has detected “malicious software” on your computer. But, much to everyone’s concern, that particularly scary message is most often (but not always) the first step in a very well planned consumer ( that means YOU) rip-off. The people who create these bogus programs are not stupid. They make them look very professional. They can make the scan windows look just like a dialog running on your Windows computer.

These free scans will always find a bevy of problems, and seconds later you’re bombarded with urgent pop-ups and messages to buy this or that security software. After you agree to spend $20, $30, $40 or more on the software, the program tells you that your problems are fixed. But the reality is harsh:  there probably was nothing to fix. Worse, the program you bought during the onslaught of urgent distress message is now installed on your computer – and it is not only useless and expensive, it could be very harmful.

These free bogus security programs that offer “free” scans – are not free – but they’ll find hundreds of problems (which don’t really exist) and then offer to fix all the problems they find if you buy the program. While there are certainly some legitimate software programs that work this way, they don’t jump out at you from a Web site and start warning you of problems. And these bogus security programs that sell themselves to you by scaring the daylights out of you often have authentic sounding names like “Windows AntiVirus 2010”, “Security Essentials 2010”, and dozens of other names designed to trick you into thinking they’re something they’re not.

The following is from the FTC’s excellent consumer fraud Web site:

“According to attorneys at the Federal Trade Commission (FTC), the nation’s consumer protection agency, scammers have found ways to create realistic but phony “security alerts.” Though the “alerts” look like they’re being generated by your computer, they actually are created by a con artist and sent through your Internet browser.

These programs are called “scareware” because they exploit a person’s fear of online viruses and security threats. The scam has many variations, but there are some telltale signs. For example:

* you may get ads that promise to “delete viruses or spyware,” “protect privacy,” “improve computer function,” “remove harmful files,” or “clean your registry;”
* you may get “alerts” about “malicious software” or “illegal  pornography on your computer;”
* you may be invited to download free software for a security scan or to improve your system;
* you could get pop-ups that claim your security software is out-of-date and your computer is in immediate danger;
* you may suddenly encounter an unfamiliar website that claims to have performed a security scan and prompts you to download new software.

Scareware purveyors also go to great lengths to make their product and service look legitimate. For example, if you buy the software, you may get an email receipt with a customer service phone number. If you call, you’re likely to be connected to someone, but that alone does not mean the company is legitimate. Regardless, remember that these are well-organized and profitable schemes designed to rip people off.

How do the scammers do it?

Scareware schemes can be quite sophisticated. The scam artists buy ad space on trusted, popular websites. Even though the ads look legitimate and harmless to the website’s operator, they actually redirect unsuspecting visitors to a fraudulent website that performs a bogus security scan. The site then causes a barrage of urgent pop-up messages that pressure users into downloading worthless software…..”

What can you do?

If you’re faced with any of the warning signs of a scareware scam or you suspect a problem, shut down your browser immediately. DO NOT click “NO” or “Cancel” or the “X” in the top-right corner of your browser. Most scareware trickery knows that you’ll try to close your browser in the middle of their pop-up and warning frenzy. So, ‘NO”, “CANCEL” and even the “X” in the top-right corner will activate the download.

So how can you safely shut down your browser in the middle of one of these scareware routines? You can press the ALT plus F4 keys in sequence – that will close the window in focus (the window on top). If there are underlying windows, you can keep pressing ALT + F4 until all the windows are closed. Or you can right-click on your task bar and choose “Task Manager” (or press Ctrl + Alt + Delete) click on Processes and highlight Internet Explorer or Firefox (or whatever browser you use) and right-click  and choose “End Process Tree”. This forces all instances of the browser to shut down immediately.

How do you know if a security program is legitimate or a scareware scam? You have the world at your fingertips – literally. Type in the name of the software program in Google (or your favorite search engine) and read the results. Most scams will show up as scams and legitimate programs will show up as legitimate. It only takes a few minutes of your time and it can save you hours of grief and hard earned money.

Check that your security software is active and current: at a minimum, your computer should have anti-virus and two anti-spyware software programs. Windows XP, Windows Vista and Windows 7 users should make sure that the Windows firewall is enabled.

If you have a new computer, remember that the security software that came installed on your computer (normally -and unfortunately- Norton or McAfee) when you bought is Trial Software and it will work for only a short time — unless you pay a subscription fee to keep it working. Trouble is, that many times these programs will simply stop updating after your subscription expires, even though the program still starts with Windows and appears to be working. Therefore, many people are using very outdated security software and don’t realize they are not protected. Others know it is expired and not updating, but figure that something is better then nothing at all. Not so!

If you bought a computer recently and you’re still using the security software that came with your computer, now is a good time to get rid of it and get something that works and that won’t cost you an arm and a leg every year or go ahead and pay McAfee or Norton’s annual ransom. But, either way, do not continue using out-dated security software or you’ll not be protected at all.

We strongly recommend if you have McAfee or Norton you dump whichever you have and get the programs we recommend instead (Microsoft Security Essentials, SuperAntiSpyware, Malwarebytes) and leave your Windows Firewall turned on. If you’ve had Norton, McAfee, Zone Alarm or any other program which includes or which is a third-party firewall,  you might find that your Windows Firewall has been disabled. If so, you can turn it back on by clicking Control Panel, Security Center, and making sure your Windows Firewall is enabled.

Don’t click on links within pop-ups generated by products you don’t recognize. Don’t click links in emails that come from unknown senders. Use care when opening your email – shut off the Windows Mail / Outlook Express preview pane. Don’t fall for the “A friend sent you a birthday greeting” (or similar) E-card scam. Don’t visit sites known for questionable content (like adult sites, ware/z sites, or questionable game or music download sites).

If you think you’ve been scammed or defrauded, report it to by going to www.ftc.gov or calling 1-877-FTC-HELP (1-877-382-4357) . Be prepared to give details about the purchase — including what website you were visiting when you were redirected. Any information you can give is helpful to investigators. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad. If you would like more information about the FTC’s program to stop online scams and schemes designed to defraud consumers, visit www.OnGuardOnline.gov . It’s an excellent site with lots of good information on how you can protect yourself, your identity and your money.

IMPORTANT! Please read:

And remember – no matter which antispyware or antivirus program you use, most will not protect you from rogue security programs. Why? Because rogue security programs are tricky – they install as normal software. The criminals who make rogue security software are not stupid. They are excellent programs who know how to evade detection. Since rogue security software is legitimate software it installs without being detected by most antivirus and antispyware programs. Rogue security program sites spawn popups with animated gifs made to look like something is scanning your computer. At the end of the fake scan, many problems (most serious and scary) will be detected – all will be fake. The fix for the fake problems is the rogue security program which requires the user to take action – i.e. click a download link. But many times closing the window is the same as clicking the download link. It’s tricky. You have to be careful.  You can tell if a rogue attack is going on because no legitimate security software starts scanning your computer without being initiated by you. No legitimate security software will flash a warning on your browser that you’re infected with spyware, viruses, or other malicious software. The only time legitimate security software warns you is if you’ve downloaded malicious programs or files. Some legitimate security programs may warn you that a site is unsafe – but it never tells you that your computer is infected when you are simply browsing the web. Only if you download something malicious or when you’ve come to a site with malicious content.

You have to learn to tell by the actions a rogue security program takes and by the methods it uses – you cannot rely on your antispyware or antivirus to protect you from yourself.


Reimage Before you call a computer repair tech or spend several hundred dollars – consider Reimage! In an era when big companies like Best Buy’s Geek Squad spend millions and millions of dollars extolling the virtues(?) of its sundry services, many folks with broken computers will simply pick up the phone and call Geek Squad or another heavily-advertised computer repair service. It’s not until the repair is finished that the computer owner realizes how Geek Squad can afford all those cute(?) Volkswagens and that multi-gazillion-dollar ad budget.  The shock is the bill – if you have your computer repaired in your home it will cost $299.95 – if you lug it into a Best Buy near you, you’ll pay $199.95. And what do you get for that much money? If your computer isn’t running well and is in need of repair – READ THIS before you call Geek Squad or someone else!

Leave a Reply

Your email address will not be published. Required fields are marked *