Our top tips to avoid fake antivirus scams

antivirus software scams
(Image credit: Shutterstock)

It's important to avoid falling into the relatively new – and increasingly prevalent – trap of downloading (and paying for!) malware disguised as antivirus software. This rogue security software is often difficult to remove from PCs and Macs and can cause real havoc.

Advertised via banner ads, pop-ups or email links, these rogue programs sometimes replicate user interfaces from genuine AV software and names that are similar to well known antivirus brands. 

The scams typically involve a ‘branded’ banner ad or pop-up (often resembling the process of antivirus scanning – but usually much quicker as no actual scanning is taking place: something of a giveaway) – or sometimes an email link – notifying users that their computer has a virus or other sort of malware, with believable descriptions, offering assistance in removing it. 

If the user were to be tempted by these scams, he or she would pay approximately £60 for the privilege of being scammed – either by being directed to a payment page or calling a number. Of course, the price of this ‘privilege’ pales in comparison with the potential damage the fake software can inflict – including corrupting files and stealing personal information and bank details (the latter, of course, taken when the payment is made).

So what should you look out for, and what can you do to avoid it (other than choosing a legitimate program from our best antivirus or best internet security software guides)? Here's a few sure signs to try and spot before you download...

Error messages

Scam pop-ups can resemble an error message from a user’s PC operating system or antivirus software, often using logos from trusted AV companies or websites, or imitations of them. The message usually warns of a security issue, providing a phone number to get help.

Cold callers

Another method of scamming with false AV software is via cold calling. Scammers call saying they’re from well known company’s technical support team – usually Microsoft – and that they’ve discovered malware on the user’s computer. 

Often the scam will be so sophisticated that the phone number will be replicated to look like it’s actually coming from Microsoft or similar. 

The scammer will usually try to get the user to install remote access software so that he or she can access the user’s computer and fix the ‘problem’. They then pretend to run a diagnostic test. In reality, the scammer will then install genuine malware to infect the computer, and as he or she will then have remote access, the user’s genuine AV software can easily be disabled.

When it comes to cold callers, the best advice is to never engage with them. Companies like Microsoft would never cold call, so any approach will almost certainly be a scam. PC and Mac owners should only ever contact AV companies themselves, and need to make 100% sure that they contact via the correct number, sourced from the genuine website.

Equally, there should be no response to email or social media reach-outs: again, these are likely to be scams. Attachments should be left unopened and links in emails or social media should not be clicked on: delete is the watchword.

Refunds and ransomeware

Sometimes scammers call or email to offer refunds for tech support services that users supposedly paid for, asking if they were happy with the service; should the user reply “no” a refund will be offered – and of course, bank details will be requested.

Ransomware is sometimes facilitated via antivirus scams too. This type of malware blocks or limits access to computer files, and then ransom demands are released via pop-ups to force the user to pay for unlocking the files. Of course, there’s no demand that if users pay that files will be unlocked.

Pesky pop-ups

To avoid fake antivirus scams, it’s important to not be tempted by supposed antivirus pop-ups of banner adverts providing a number to call. Genuine security warnings and messages never provide a number to call, and user should never call them.

If concerned, users should visit the branded AV website (to double-check in the likelihood that the pop-up resembles a genuine brand) and also ensure that the branded website URL is correct! At the same time, it’s crucial that users are fully aware of what the leading AV brands look like, and what their genuine names are, as fake AV software is often made to look like the real thing. 

Tempting freebies

Free antivirus software can also be more tempting than its paid-for iterations, given the lack of any cost. Easy to be tempted into downloading what looks like genuine freebies, especially as they are so widely advertised.

Users need to be aware of and thoroughly check the branding and refer back to the true websites of the available freebie brands.

And what to do if you're stung by a scam

In the event that users go ahead and pay a tech support scammer with a credit or debit card, it may be possible to stop the transaction by contacting the credit card provider or bank immediately. It is also a good idea to generally only use credit cards for online purchases, as credit card companies usually insure the card owner from online fraud. 

If a scammer has been given remote access to a computer, the user should update their computer’s security software immediately. Equally, in the event that user names and passwords have been given the scammer, passwords should be changed straight away; and if the same password is used anywhere else (something we’re all guilty of!), these should also be changed.

If scammer software has already been installed, they should be uninstalled immediately. It’s possible, but unlikely, that no damage will have been done.  

Finally, any scams should be reported to Microsoft or the appropriate AV providers – in other words, by contacting the branded company that the scammer is imitating (if indeed they are). 

Read more:

Top Ten Reviews Contributor

Where you see an article written by Top Ten Reviews Contributor, the author of this piece no longer works for the site or wishes to be identified as the author of the article. This is the general contributor profile, and differs from the Top Ten Reviews staff profile, as it denotes external writers.