Fake Microsoft Tech Support Pop-Up Scam
Malicious browser alerts display Windows error screens and Microsoft branding alongside a phone number, tricking users into calling fake 'Microsoft Certified Technicians' who install remote-access software and steal money or credentials.
Part of: Fake IT Helpdesk Credential Scams
Last reviewed: 7 June 2026
Microsoft's Windows operating system is the most widely used desktop OS in the world, which means fake Windows error screens are a familiar sight — and a reliable lure for criminals. Tech support scammers have impersonated Microsoft for years, adapting their tactics as browsers and operating systems have evolved.
The scam typically begins with a browser redirect to a full-screen page that mimics the Windows Blue Screen of Death (BSOD) or a Windows Security alert. An audio recording or synthesised voice repeats a warning about a detected virus or compromised password. A phone number, often formatted to look like a Microsoft 800 number, is prominently displayed.
Calling the number connects victims to a fraudulent call centre. The 'technician' guides the caller through opening Event Viewer or running a command that lists harmless system warnings, which they misrepresent as evidence of a serious infection. They then request remote access and, once inside, stage a fake bank-account 'refund' that convinces the victim they have been overpaid, ultimately tricking them into sending money back via gift cards or wire transfer.
How this scam works on the Microsoft brand
The genuine Windows operating system displays error messages on the device itself — not through a browser. Real Microsoft support interactions are initiated by customers at support.microsoft.com, not through pop-ups. Microsoft does not embed phone numbers in Windows error screens or browser alerts.
Pop-ups use CSS and JavaScript to mimic the Windows 10 or Windows 11 BSOD, complete with a QR code, a percentage-loading bar, or an animated spinning cursor to suggest an ongoing system scan. Some variants exploit browser fullscreen mode to simulate a true system takeover, preventing easy navigation away from the page.
Remote tools like AnyDesk, UltraViewer, or ScreenConnect — all legitimate products misused by scammers — are installed once the call begins. The scammer then uses these tools to show a rigged command-line output, navigate to the victim's banking site while claiming to process a refund, and ultimately manipulate the victim's screen to appear as if money has been deposited that must now be returned.
Common red flags
- A browser tab shows a Windows BSOD-style page — real BSODs appear on your monitor, not in a browser
- The screen is locked and you cannot close the tab — press F11 or Alt+F4 on Windows to escape fullscreen
- You are asked to call a phone number displayed on a webpage for Microsoft support
- The caller asks you to open Event Viewer and points to normal-looking warnings as 'serious errors'
- You are directed to install a remote-access app (AnyDesk, UltraViewer, ScreenConnect) by an inbound caller
- The 'refund' process requires you to send money via gift cards, wire transfer, or cryptocurrency
How to protect yourself
- Close the browser tab immediately: use keyboard shortcuts (Ctrl+W on Windows, Cmd+W on Mac) or Alt+F4 to exit fullscreen
- Do not call any number displayed in a browser alert — Microsoft's real support is reached at support.microsoft.com
- Uninstall any remote-access software installed at the caller's instruction
- Run a scan with Windows Security (built-in) or a trusted security product to check for any malware delivered during the session
- If money was transferred, contact your bank immediately; for gift cards, contact the issuer's fraud line to attempt a hold
How to report it
- Report tech support scams to Microsoft at microsoft.com/reportascam
- File a complaint with the FTC at reportfraud.ftc.gov (US) or Action Fraud actionfraud.police.uk (UK)
- If money was lost, also report to the FBI's IC3 at ic3.gov (US)
- Report the phone number to your carrier and to the FCC at fcc.gov/consumers/guides/filing-informal-complaint (US)
Frequently asked questions
Can a real Windows error be displayed in a browser?
No. Genuine Windows system errors appear as system dialog boxes or on the Windows desktop — never inside a web browser tab. A browser page that looks like a BSOD or Windows security alert is always fraudulent.
I already gave remote access. What should I do?
Disconnect the remote session immediately by closing the remote-access app or disconnecting your internet. Change passwords for your email, banking, and any accounts accessed during the session. Run a security scan. If banking details were visible, contact your bank right away.
Why do scammers show me Event Viewer as 'proof' of a problem?
Windows Event Viewer contains thousands of routine warning and error entries on every healthy system. Scammers know ordinary users find these alarming without context. The entries they point to are normal background activity — they are not evidence of infection or hacking.