How websites can trick you into downloading malware

When you visit a webpage, it may try to install malware onto your computer.

In most cases, though, your Internet browser won’t let a webpage download anything that could be dangerous to your computer without your permission (unless a scammer has managed to target an outdated browser [keep your browser up to date!] or has discovered an unknown zero-day exploit).

This means that in most cases, the scammer will use some kind of social engineering technique to try to trick a visitor into consenting to a download, either by fooling them into thinking they are downloading a legitimate file, or by disguising a download as something else entirely.

Here are some popular methods that webpages will use to trick a victim into downloading malware onto their own computer.

Fake video players, plugins & codecs

You visit a webpage to watch a video, but before you can watch, you’re told you need to download and install a plugin, codec, update or something else to update your video player. Or maybe you need to download a video player. Without it, you can’t watch the video.


An example of a fake plugin download prompt

This is a classic method that is used to trick users into downloading malware. The victim receives a prompt to download the plugin – which may be disguised with a brand name such as Adobe Flash Player – and once they comply, they’re downloading malware.

We have another blog post that details this method which you can read here.

Fake antivirus scans

Fake antivirus scans and prompts fool a victim into believing that they’re seeing their security software at work. They will often appear to scan the victim’s computer, and report that the system is infected with viruses.

Naturally, to the uninitiated, this will be an alarming notice and certainly one that will gain their attention. From there the victim will be prompted to download something to remove the threats. However, perhaps ironically, this download will itself be malware.


This is not a real antivirus scan, just a website pretending to act as security software.

Webpages and malware that fool a victim into thinking they already have a malware infection are dubbed scareware, since they scare the victim into complying. This is why it is important to become familiar with your own security software and not be fooled by fake antivirus scams.


Games, apps, extensions and other software downloads

You may think you’re downloading the latest update to Minecraft, or a fun app for your smartphone, or even the most current version of Microsoft Word, but do you trust the webpage you’re downloading them from?

If a victim thinks they’re downloading something legitimate, it stands to reason they will accept security prompts confirming they want to download and execute it. But this is a popular way scammers trick victims into downloading malware.


Not a real update for Minecraft

This is why it is so important to only download content from websites that you fully trust and have researched.

Fake competitions and giveaways

Webpages often use fake giveaways to lure visitors into downloading files that they shouldn’t be downloading. Everyone wants something for free, and the possibility of prizes and giveaways often proves sufficient motivation to coerce victims into compromising their computers by allowing files to be downloaded onto them.


A fake competition will lead to a malware download

As with all websites and downloads, if you don’t trust the source (the website) then don’t allow anything to download!

Of course there are other methods malware scammers can employ to trick a victim into agreeing to a download, but as with all of the above examples, the same advice and knowledge can protect you from all of these types of methods.

Simply put, never agree to download a file to your computer from a website/page that you do not trust. Criminals will employ any number of tricks to fool a victim into downloading harmful files, so ensuring you only download files from trusted sources will go a long way to avoiding malware infections.

Websites are of course not the only way to contract malware. Email, software exploits and even existing malware infections can all lead to the installation of malicious software. You can read our article on 5 common ways malware infects a computer here.

What other tricks do scammers use to fool people into downloading harmful files? Let us know below in the comments.

Published by
Craig Haley