Online, however, FAKEAV is a good example of a social engineering “success story.” By leveraging human weakness, FAKEAV effectively utilizes social engineering techniques such as blackhat search engine optimization (SEO) to trick users.if there's one time a vendor should not be laying the blame for users being fooled on "human weakness" it's when talking about scareware.
scareware generally presents itself to the user in very much the same way legitimate security products do. vendors should consider that maybe scareware purveyors can be so effective while imitating legitimate security vendors is because of how close legitimate security vendors' messaging is to being an outright scam in and of itself.
use our software. we'll protect you.
worry free computing
we take care of X so you don't have to
you need our solution
the virus problem is solvedetc.
while those wearing vendor-coloured glasses may see the average user's propensity to believe the messaging put forward by illegitimate security vendors as nothing out of the ordinary (and certainly nothing to do with them themselves), i see over 2 decades of marketing and media training the populace to be as unquestioning, as unthinking as a pack of lemmings in a mindless frenzy when it comes to what security vendors say (whether they're really security vendors or not).
it's not human frailty at work here, it's bad guys figuring out how to exploit the one thing that security vendors are loathe to change: their marketing and business practices. legitimate (or so-called legitimate) security vendors made the market for scareware. the scareware purveyors are just showing up to the party, putting their hands out, and having a slice of the pie handed to them on a silver platter.
if the security industry really wants to do something about scareware purveyors, they should stop acting so much like them and start fostering skepticism amongst the populace - not only skepticism in what others say but also in what you yourselves say. stop creating an environment where scareware flourishes. stop doing their market development for them and actually start dismantling that blind-trust based market in spite of the fact that it's paid you so well in the past.
the bad guys are milking your cash cow, vendors. it's time to stop treating customers like cattle. it's time for you to lead rational critical thinkers rather than herd livestock. it's time for you to stop being part of the problem.