Cybercriminals are earning as much as £858,000 a year out of scareware, says Symantec.
Scareware, which is also known as fake antivirus, is a ploy by cybercriminals to get web users to download dodgy programs using realistic messages and pop-ups warning of fake malware infections.
Web users are scared into purchasing the bogus security software at £20 to £30 a time. In some cases the hoax software downloaded onto a PC also contains keyloggers and other malware that harvest information for use in ID theft.
According to Symantec's Rogue Security Software report, scareware has become one of the most popular forms of malware on the web today because "it preys on our fears when using the internet - if we believe we're open to a security threat then we're more likely to make a knee-jerk reaction".
The security firm said it had detected over 250 different types of scareware to date, and many of the cybercriminals drafted in to help distribute scareware are paid per install, which can result in earnings of up to £56,000 per month.
Symantec also revealed scammers earn the most money off of US users, although UK and Canadian users were close behind.
"Where Scareware differs from ID theft is that once set up, the whole victimisation process is automated by malicious software, from dissemination, to infection, to the scam, to the collection of money. In this way it is a significant cybercrime development," said Professor David Wall, a leading expert on cybercrime from Leeds University.
See also: Spam accounts for 86% of all emails