Criminal gangs are raking in millions by exploiting security conscious internet users with rogue anti-virus scams, according to the Get Safe Online annual report
Most UK internet users are unaware of these scams, said the report, published to mark the start of Get Safe Online week 15-19 November.
The report highlights that despite increased use of security software, more than one-third of UK internet users (34%) still report being the victim of a computer virus attack, 22% have experienced a phishing scam, and 21% have been a victim of identity fraud.
One in four UK web users have been targeted by one of the rogue AV scams, the report said, either through cold calling the user pretending to be from a reputable IT company, or web pop-ups, tricking users into downloading and paying for 'anti-virus' protection, which is actually malicious.
Victims of rogue AV software are left out-of-pocket, their bank details stolen and their computers seriously compromised, say experts at GetSafeOnline.org, the UK's national internet security initiative.
"This is big business. In recent cases, we have seen gangs employing 300-400 people to run their operations and using call centre-scale set-ups to target victims en masse," said Sharon Lemon, deputy director, cyber crime, Serious and Organised Crime Agency (SOCA).
Criminals also pay as much as $150,000 a month to individual webmasters who are unwittingly advertising their fake software, which indicates that the returns are much bigger than this, she said.
Webmaster operations are believed to be widespread, said Lemon, sending out thousands of messages and only needing a small percentage of successful responses to be profitable.
Nearly half of UK web users say they have seen a pop-up window on their PC claiming that their computer has been infected by a virus, the research found.
Tony Neate, managing director of GetSafeOnline.org, said web users should ignore 'cold calls' from companies offering free virus checks, and be very cautious of any on-screen pop-ups.
"Most reputable IT providers do not approach customers in this way without prior notice or a direct request," he said.