Scam Detective

Tech Support Scams: How They Work and How to Fight Back

March 3, 2026

The phone rings, and the caller says they're from Microsoft, Apple, or your internet provider. They've "detected a virus" on your computer, or your "IP address has been compromised," or your "Windows license is expiring." They sound professional and concerned. They want to help you fix the problem — all you need to do is let them connect to your computer remotely.

This is a tech support scam, and it's one of the most profitable fraud categories in existence. The FTC receives tens of thousands of complaints about tech support fraud every year, with reported losses in the hundreds of millions. The real numbers are much higher — most victims don't report.

How the Scam Works

Tech support scams follow a predictable sequence, whether they start with a phone call, a pop-up, or an email.

Step 1: The Contact

Scammers reach you through one of three channels:

Cold calls: A robocall or live caller claims to be from Microsoft, Apple, Norton, McAfee, or your ISP. They say they've detected a problem on your device.

Pop-up warnings: A webpage displays a full-screen alert — often with a blaring alarm sound — saying your computer is infected. The pop-up includes a phone number to call for "immediate support." These pop-ups are triggered by malicious ads on otherwise legitimate websites.

Search engine ads: Scammers buy Google Ads for terms like "Microsoft support number" or "printer help." The phone number in the ad connects to a scam call center, not to the real company.

Step 2: Remote Access

The scammer asks you to install remote access software — usually AnyDesk, TeamViewer, ConnectWise, or UltraViewer. Once connected, they can see and control your screen.

They then run commands that produce scary-looking but meaningless output. Common tricks:

  • Opening Event Viewer and pointing to the yellow warnings (every Windows machine has these — they're normal)
  • Running netstat and claiming the foreign connections are "hackers"
  • Opening the Services panel and pointing to stopped services as "disabled security"
  • Showing the tree command output and claiming certain folders are "infected"

None of this indicates a real problem. They're exploiting the fact that most people don't know what normal system diagnostics look like.

Step 3: The Payment

Now that you're alarmed, they offer to "fix" the problem. The price ranges from $99 for a one-time cleanup to $499 for a "lifetime protection plan." They accept payment via:

  • Credit card (sometimes processed through legitimate-looking merchant terminals)
  • Gift cards (a huge red flag — no real company accepts gift card payment)
  • Wire transfer or cryptocurrency
  • Direct bank transfer (they may ask you to log into your bank while they have remote access)

Some scammers install actual antivirus software (the free version) and charge you hundreds of dollars for it. Others install a backdoor so they can "find another problem" in a few months and charge you again.

The Refund Variant

A newer version of the scam starts with an email saying you've been charged $399 for a tech support subscription renewal. You call the number to cancel, and they ask you to install remote access software so they can "process the refund." Once connected, they manipulate your browser to make it look like they accidentally refunded too much money (e.g., $3,999 instead of $399), then pressure you to send back the "overpayment" via wire transfer or gift cards.

No money was ever actually deposited. They edited the HTML on your banking page while they had remote access.

What Legitimate Tech Support Looks Like

Microsoft does not call you about viruses. Period. Microsoft doesn't monitor individual home computers and has no mechanism to detect infections on your device remotely. If you need Microsoft support, you initiate the contact through their website.

Apple does not cold-call about security issues. Apple support is initiated by you through the Apple Support app, the Genius Bar, or apple.com/support.

Your ISP might call about service issues (outages, billing) but will never ask to remotely access your computer to fix a "virus."

No legitimate company will ever ask you to pay with gift cards. This is the single clearest scam signal.

How to Handle a Tech Support Scam

If you get a call:

  • Hang up. Don't engage, don't argue, don't try to waste their time. Just hang up.
  • Search for the phone number using the search bar at the top of this page to see if it's been reported.

If you see a pop-up:

  • Don't call the number. Close the browser tab. If the pop-up won't close, force-quit your browser (Ctrl+Shift+Esc on Windows, Cmd+Option+Esc on Mac).
  • Clear your browser cache afterward. The pop-up came from a malicious ad, not from an actual infection.

If you already gave remote access:

  • Disconnect from the internet immediately (unplug ethernet or turn off Wi-Fi).
  • Uninstall any remote access software they had you install (AnyDesk, TeamViewer, etc.).
  • Run a full scan with your real antivirus software.
  • Change all passwords from a different device — the scammer may have installed a keylogger or seen credentials on your screen.
  • If you made a payment, contact your bank or credit card company to dispute the charge.

Who Gets Targeted

Tech support scams disproportionately target older adults, but no one is immune. The scammers are skilled social engineers who adapt their pitch based on the victim. They exploit:

  • Trust in authority: The caller claims to be from a company you already use.
  • Technical unfamiliarity: If you don't know what Event Viewer is, a scammer showing you "errors" in it is convincing.
  • Fear: "Your computer has been compromised" triggers a fight-or-flight response that overrides critical thinking.

Reporting Tech Support Scams

The more reports filed, the faster these operations get shut down. Individual reports matter because they feed into databases that law enforcement uses to build cases.