By: Sid Kirchheimer | Source: AARP Bulletin Today | November 23, 2009
It’s a scam that generates about $34 million for cybercrooks and infects about 35 million computers—each month. It happens like this:
You’re cruising the Internet when you’re suddenly confronted with a pop-up that looks like an authentic Windows security alert: “Warning! Your system requires immediate antivirus scan. Personal AntiVirus can perform fast and free virus and malicious software scan of your computer.”
Click “OK,” thinking the threat is real, and you will quickly learn that the scan actually costs between $30 and $80. What’s more, your purchase is a bogus protection program that does nothing.
Or maybe you realize the message—known as scareware or rogueware—is a scam. But click “Cancel” or the pop-up’s red X to try to close the warning, and what happens?
Most likely, you’ll still get repeated offers to buy the phony protection, along with an automatic download. Sometimes, this just slows the performance of your PC (Macs are rarely affected) and sets off a barrage of annoying new pop-up ads. Other times, you could install dangerous malware that lets hackers record your keystrokes as you enter user names and passwords on websites, including those that contain your financial information. Or you could be saddled with a “ransomware” program that makes your data inaccessible until you pay a fee.
Don’t click too quickly
“Clicking on anything in a scareware message can cause problems,” notes online security expert Ryan Naraine of Kaspersky Lab. “That is why scareware, without doubt, has become the fastest-growing online threat.”
So, what should you do when faced with these false security messages?
First, avoid clicking on any part of the pop-up. Instead, shut down your browser. On a PC, the safest way to do that is to simultaneously hit the Control, Alt and Delete keys on your keyboard, which will display the Windows Task Manager. Choose your browser program and click on “End Task.” You will probably lose any open websites, but it’s the best way to avoid causing harm to your PC or exposing your personal data to a hacker.
Next, immediately run a complete scan with authentic antivirus and anti-spyware software, Naraine says. “Don’t rely on a quick or smart scan.”
Scourge of surfing
Scareware, invented by Russia-based scammers, has been around for about five years. But this year, some experts report a 300-fold increase in incidents compared with early 2008.
Crooks now buy advertising space on leading websites, sometimes posing as legitimate businesses. As users visit those sites and ads, they are redirected to scareware promotions. The result: You get problems, and the scammers get a commission for that redirection.
Hackers also open accounts on Twitter, Facebook and YouTube that contain links that unleash dangerous downloads. And they create malicious websites to capitalize on popular word searches, or insert dangerous code on legitimate sites.
In September, for instance, scareware attacks were unleashed through an advertisement on the New York Times’ website and from word searches on the 9/11 anniversary and the death of actor Patrick Swayze.
Another classic scam continues to vex PC users: a message offering to “update” a Flash player or other legitimate software on your computer. In reality, these messages trigger a scareware download.
However scareware makes its appearance, avoid the bait of these bogus prompts.
Sid Kirchheimer is the author of Scam-Proof Your Life.