Scareware

You're probably familiar with the garden-variety phishing attack. Like a weekend angler, a phisher uses bait, such as an e-mail message designed to look as if it came from a bank or financial institution, to hook a victim. Scareware is a twist on the standard phishing attack that tricks you into installing rogue antivirus software by "alerting" you that your PC may be infected.

Don't take the bait: Stop and think. If, for instance, you don't, have any security software installed on your PC, how did the "alert" magically appear? If you do have a security utility that identifies and blocks malicious software, why would it tell you to buy or download more software to dean the alleged infection? Become familiar with what your security software's alerts look like so that you can recognize fake pop-ups.

Don't panic: You should already have antimalware protection. If you don't, and you're concerned that your PC may in fact be infected (not an unreasonable concern, given the existence of a rogue "alert" on your screen), scan your system with Trend Micro's free online malware scanner, HouseCall (housecall. trendmicro.com), or try running Microsoft's Malicious Software Removal Tool ({ind.pcwortii.cont/e433O)", for more help, sec "Additional Security Resources" on page 76. Once you complete that scan, whether it discovers anything or not, find yourself a reputable antimalware app and install it to protect your PC in the future.

Update your browser: Such fake messages will prompt you to visit the scammer’s Website, which may infect your system further. Current versions of most Web browsers and many Internet security suites (for reviews, see find.pcworld.com/84334) have built-in phishing protection to alert you to sketchy sites. It's important to note that while the databases these filtersuse are updated frequently to identify rogue sites, they aren't fail-safe, so you should still pay attention to any URL that you consider visiting. To make this easier, both Internet Explorer 8 and Chrome highlight the real, or root, domain of the URL in bold so that you can easily tell whether you're visiting, say, the genuine "www.pcworid.com" or a spoofed site like "www.pcworld.com.phishing-site.ru”