Threatcare

Clear, practical help to spot scams, avoid fraud, and recover if you've been caught out.

Spot the scam, protect your money, recover if it happens.

Tech-Support Scams: Fake Virus Pop-Ups, Cold Calls, and How to Stay Safe

By David Mercer  |  Reviewed by Dana Whitaker, CFE

Published · Last reviewed

Key takeaways

  • A tech-support scam invents a problem that isn't real: a scary pop-up, a fake 'Microsoft' or 'Apple' caller, or a virus warning, all designed to make you panic.
  • The trap is the remote-access request: once a stranger controls your screen, they can move money, install spyware, and read everything on your device.
  • No real company cold-calls you about a virus, demands payment in gift cards, or asks you to read out a one-time passcode.
  • If you've already let someone in, disconnect, run a security scan, change your passwords from a clean device, and contact your bank fast.

A tech-support scam is a con where someone pretends to be a technology company, invents a virus or account problem that isn’t real, and pressures you into granting remote access or paying to “fix” it. The crisis is fake; the access and the money are the only real parts. Once you know the three forms it takes, it gets much easier to shut down.

How tech-support scams work

Tech-support scams run the universal scam play: they manufacture fear, borrow the trust of a brand you recognise, and push you toward an unusual, hard-to-reverse payment. The “problem” is always urgent and always solvable only by them, right now.

The pressure usually arrives in one of three ways:

  • Fake virus pop-ups (scareware). A full-screen warning, often with a siren or a frozen mouse, claims your device is infected and tells you to call a number. Real antivirus software never does this.
  • Cold calls. Someone phones claiming to be from “Microsoft”, “Apple”, or your internet provider, saying they’ve “detected a problem” on your computer. Caller ID can be spoofed, so it proves nothing.
  • Remote-access requests. Whichever way they reach you, the goal is the same: get you to install a screen-sharing tool so a stranger can take control of your device.

The US Federal Trade Commission lists tech-support scams among the frauds older adults are most likely to report, and warns that no legitimate company will contact you unprompted to say your device is broken.

The fake virus pop-up

A scareware pop-up is designed to look like a system alert and to be hard to close. It often fills the screen, plays an alarm, and shows a “Windows Support” or “Apple Security” number. None of it is real.

I learned this watching my own father. A pop-up froze his laptop with a flashing warning and a number, and the panic it created was the whole point: he was three digits into dialling before he stopped. That is exactly the moment scareware is built for. There was no virus; there was only a web page pretending to be one. Closing the browser, or restarting the device if it won’t close, ends it. The number on the screen connects you to the scammer, never to support.

The cold call and the remote-access trap

The cold call is the most dangerous version, because it puts a confident human voice in your ear talking you through the “fix.” That fix is always the same: install a remote-access program so they can “clean” your machine.

Granting that access is the point of no return. With control of your screen a scammer can open your banking site, move money, install spyware that logs every keystroke, and copy your files. A common twist is the fake refund: they “accidentally” overpay a refund, then pressure you to send the difference back in gift cards. The CISA cybersecurity agency frames this as social engineering: the attacker manipulates you into doing the damage yourself, so no software has to break in.

What never to do

There are a few bright lines that, on their own, will stop almost every tech-support scam:

  • Never grant remote access to anyone who contacts you out of the blue, however official they sound.
  • Never read out a one-time passcode or any code your bank or an app texts you. Real staff never ask.
  • Never pay in gift cards, crypto, or wire transfers to “fix” a device. No genuine support team bills this way; these are the FBI Internet Crime Complaint Center’s classic irreversible-payment red flags.
  • Never call the number in a pop-up. Close the page instead.

When you can recognise these moves, the wider playbook is easier to read too. See how to spot a scam for the signals every scam shares.

What to do if you’ve already let them in

Act in order, and don’t waste time on blame: these scripts are engineered to fool careful people.

  1. Disconnect. Turn off Wi-Fi or unplug the network cable to cut the attacker’s control.
  2. Remove their access. Uninstall any remote-access app they had you install, then run a full scan with security software you trust.
  3. Secure your accounts from a clean device. Change passwords (start with email and banking) and turn on two-factor authentication.
  4. Call your bank if you paid or if they touched your accounts; speed gives the best chance of stopping a payment.
  5. Report it to the proper authorities so the data helps shut these operations down.

Older relatives are targeted hardest by this scam, so it’s worth agreeing a family rule in advance: protecting elderly relatives from scams sets one out. If money has gone, can you get your money back after a scam explains your options.

This is general information, not individual legal, financial, or security advice. If you’ve been targeted, report it to the proper authorities on our Resources page.

References

  1. How To Spot, Avoid, and Report Tech Support Scams, US Federal Trade Commission.
  2. Tech Support Scams, Cybersecurity and Infrastructure Security Agency (CISA).
  3. Internet Crime Complaint Center (IC3), Federal Bureau of Investigation.

Frequently asked questions

Will Microsoft or Apple ever call me about a virus?

No. Microsoft, Apple, and other genuine technology companies do not make unsolicited calls to tell you your device is infected, and they do not put a phone number inside a pop-up warning. Any call or pop-up claiming to be them about a virus is a scam. If you want to check your device, contact the company yourself using the number on their official website.

Is a virus pop-up with a phone number real?

No. A real antivirus program quietly quarantines a threat; it never fills your screen with a flashing full-page warning, a siren, or a support number to call. Those locked-screen pop-ups are scareware designed to frighten you into phoning a scammer. Close the browser or restart the device; never call the number shown.

What can a scammer do if I give them remote access?

A lot. With remote-access software they can see your screen, open your bank's website, move money, install spyware that records what you type, and download your files. Some fake a 'refund' that overpays you and then pressure you to send the difference back. If you granted access, disconnect from the internet and treat all your accounts as compromised.

I paid a tech-support scammer. Can I get my money back?

Sometimes, if you act quickly. Contact your bank or card provider immediately, as a card or transfer may be stopped or reversed. Gift cards and crypto are much harder to recover, so report those at once too. Speed is everything. See can you get your money back after a scam for the steps in order.

How do I protect an older relative from tech-support scams?

Agree a simple family rule: any virus warning, refund offer, or 'support' caller means hang up and ring you first. Make sure their devices update automatically, remove any remote-access apps a scammer asked them to install, and never let an unknown caller control the screen. Our guide on protecting elderly relatives from scams covers this in more depth.

Written by David Mercer. Reviewed by Dana Whitaker, CFE.

Our guides are written from personal experience and reviewed by a qualified fraud and security professional for accuracy. Read our editorial policy.

Related articles