Tech Support Scams: How They Work and How to Avoid Them

IsThisAScam Research Team · March 8, 2026 · 4 min read
Contents
  1. How Tech Support Scams Start
  2. The Scary Popup
  3. The Cold Call
  4. The Search Engine Ad
  5. The Scam Playbook: Step by Step
  6. Step 1: Establish Authority
  7. Step 2: Create Panic
  8. Step 3: Gain Remote Access
  9. Step 4: The Fake Diagnosis
  10. Step 5: The Payment
  11. Advanced Variants
  12. The Refund Scam
  13. The Subscription Renewal Scam
  14. How to Protect Yourself
  15. What to Do If You Have Been Scammed
  16. Helping Someone Who Has Been Targeted

Tech support scams generated $924 million in reported losses in 2025, with victims over age 60 accounting for 66% of the total according to the FBI. These scams exploit a simple reality: most people are not confident troubleshooting their own computers and will trust someone who sounds authoritative. Here is exactly how these scams work, from first contact to financial loss.

How Tech Support Scams Start

The Scary Popup

⚠ CRITICAL SECURITY WARNING ⚠
Your computer has been locked. Windows has detected suspicious activity.
Error Code: DW6VB36
Do NOT shut down your computer. Call Microsoft Certified Technicians immediately: 1-888-XXX-XXXX
Your personal data and financial information is at risk.

This full-screen popup appears while browsing — often triggered by a malicious ad on a legitimate website. The page uses JavaScript to prevent you from closing the tab or browser. Your computer is not actually locked, infected, or at risk. The popup is a webpage. Pressing Ctrl+Alt+Delete (Windows) or Command+Option+Escape (Mac) to force-quit the browser resolves it immediately.

The Cold Call

Someone calls you claiming to be from Microsoft, Apple, or your internet provider. They say they have detected a virus on your computer or suspicious activity on your network. Microsoft, Apple, and ISPs do not make unsolicited calls about device security. Ever.

The Search Engine Ad

You search for "HP printer support" or "QuickBooks help" and click a sponsored ad that looks official. The phone number connects you to a scam call center, not the actual company. Always verify support numbers on the company's official website, not through search ads.

The Scam Playbook: Step by Step

Step 1: Establish Authority

The scammer identifies themselves as a "Microsoft Certified Technician," "Apple Support Specialist," or similar title. They may provide a fake employee ID number and reference a "case number." They use technical jargon to sound credible.

Step 2: Create Panic

They claim your computer is infected with malware, hackers have accessed your bank accounts, or your personal files are being stolen in real-time. Every minute you delay, they say, the damage gets worse.

Step 3: Gain Remote Access

They ask you to download remote access software — typically AnyDesk, TeamViewer, ConnectWise, or UltraViewer. These are legitimate tools abused by scammers. Once installed and connected, the scammer can see your screen, control your mouse and keyboard, and access your files.

Step 4: The Fake Diagnosis

With remote access, the scammer opens tools that look alarming to non-technical users:

  • Event Viewer: They show you the Windows Event Viewer, which always contains warning and error entries during normal operation, and claim these are signs of hacking.
  • Command Prompt: They run commands like netstat (shows network connections) and claim the foreign addresses are hackers. They are actually normal connections to Microsoft, Google, and your ISP.
  • Task Manager: They point to normal background processes and call them "malware."

None of these "findings" indicate actual problems. They are normal system information presented in a frightening way.

Step 5: The Payment

The "fix" costs $200-$800 for a one-time repair, or $300-$500/year for an "ongoing protection plan." They ask for payment via:

  • Gift cards (they ask you to read the redemption codes over the phone)
  • Wire transfer
  • Direct bank login (they ask you to log into your bank while they have remote access)
  • Cryptocurrency

Some scammers go further. While they have remote access, they open your bank's website, manipulate the display to make it look like they accidentally transferred too much money to you, and then ask you to "return" the excess — which was never actually transferred.

Advanced Variants

The Refund Scam

Months after the initial scam, the same scammers call back claiming the company is shutting down and they want to issue a refund. They ask for remote access again, have you log into your bank, then claim they accidentally refunded too much. They manipulate the HTML of the bank page to show a higher balance. You are asked to return the "excess" via wire transfer or gift cards.

The Subscription Renewal Scam

Subject: Your Norton/McAfee/GeekSquad subscription has been renewed for $349.99
If you did not authorize this charge, call 1-888-XXX-XXXX immediately to cancel.

You did not have this subscription. But the fear of a $349.99 charge makes you call. The rest follows the standard tech support scam playbook.

How to Protect Yourself

  1. Remember: legitimate companies do not cold-call about computer problems. Microsoft, Apple, and your ISP will not call you unprompted.
  2. Close popup warnings by force-quitting your browser. Ctrl+Alt+Delete → Task Manager → End Task (Windows). Command+Option+Escape → Force Quit (Mac).
  3. Never give remote access to someone who contacted you. Only grant remote access when you initiated the support request through an official channel.
  4. Verify support numbers independently. Type the company's URL directly into your browser and find their support number there. Do not use numbers from popups, emails, or search ads.
  5. If you are unsure whether a message or popup is real, paste the text into IsThisAScam.to for immediate analysis.
  6. Never pay for tech support with gift cards. No legitimate company accepts gift cards as payment.

What to Do If You Have Been Scammed

  1. Disconnect from the internet to sever the remote access connection.
  2. Uninstall the remote access software. Look for AnyDesk, TeamViewer, ConnectWise, or UltraViewer in your installed programs and remove them.
  3. Change all passwords from a different device. Prioritize banking, email, and social media accounts.
  4. Run a legitimate antivirus scan. Windows Defender (built into Windows) or Malwarebytes (free version) are trustworthy options.
  5. Contact your bank if you made a payment or logged into banking while the scammer had remote access.
  6. Report the scam:
    • FTC: ReportFraud.ftc.gov
    • FBI IC3: ic3.gov
    • Microsoft (if they impersonated Microsoft): microsoft.com/reportascam

Helping Someone Who Has Been Targeted

If a family member or friend has been caught in a tech support scam:

  • Be patient and nonjudgmental. These scams are psychologically sophisticated and target anyone, regardless of intelligence.
  • Help them disconnect immediately and follow the recovery steps above.
  • Check their recent bank statements together for unauthorized transactions.
  • Consider setting their browser to block popups and notifications from unknown sites.
  • Install a reputable ad blocker (uBlock Origin) to reduce exposure to malicious ads that trigger scam popups.
