Have you ever run into scareware on your computer? It’s a kind of malware that often generates a popup, made to look like it’s part of your operating system. A typical scareware message might tell you that a huge number of infected files have turned up on your system. It would then offer you the chance to buy a program to fix the problems, a program that may actually be the malware you are hoping to avoid. The best you get out of it if you bite is useless software. The worst is a computer that becomes infected and perhaps unusable.

It’s a dangerous world out there, and the best we can do with our PCs is make it harder for our systems to be penetrated, while remembering there is a good case for keeping absolutely critical information offline altogether if possible.

On that score, I’m struck by how often people become their own worst enemies. Scareware works by fooling people. And hackers know that most people try to be polite and often give the benefit of the doubt to avoid insulting strangers. That can result in the use of so-called “social engineering” to break into computer systems.

Think of social engineering as the act of influencing someone to break their own security procedures, not by software but through human interaction. Instead of breaking into a system, a skilled social engineer might get a password by gaining the confidence of an authorized user.

Do anti-vral programs help?

A case in point: Last week I received a call from an outfit with “Micro” in its name – it was hard to make out the full name because the caller sounded like he was in a distant place indeed, judging from the quality of the connection. He told me that his company had been receiving reports of rampant virus attacks among my neighbors. At this point I knew I was dealing with a scam, but I decided to play along to see what the angle was. And sure enough, he told me that if I would give him access to my computer (“We see you are using Windows 7,” he said), he could run some diagnostic routines to root out the virus.

Since I use Linux on my primary machine rather than Windows 7, it would have been fun to engage him on this, but I didn’t have time to do more than ask him why I would need his diagnostics if I already had anti-virus protection, which I do have on my Windows machine. And he told me that none of the anti-virus programs out there were effective, adding, “It’s as if you put a Mercedes engine into a Toyota. It doesn’t fit!”

Use common sense

I’m sure it wouldn’t, but after I hung up and did some research, I learned just how widespread this routine has gotten to be. There are reports of similar scams all over the place, and it’s not known whether the people involved are simply trying to scare you into buying an anti-virus product or setting various malicious programs loose in your system. Either outcome is possible, and I mention all this because when I told a friend about it the next day, his wife told me she had received the same call and had let the guy access her computer.

In her shoes, I believe I would reinstall Windows from scratch and change all my passwords. But it astounds me to learn how many people are willing to give a call like this the benefit of the doubt. We’re getting to recognize phishing scams and bogus lottery winnings via email, but something as low tech as a telephone scam is still lucrative enough to keep persistent hackers busy. So do remember that sometimes the only thing standing between your computer and an implanted virus is your own common sense. Not even the best software can replace that.

Paul A. Gilster is the author of several books on technology. Reach him at gilster@mindspring.com.