How do I spot a fake Microsoft email or support call?
Fake Microsoft contacts claim your computer is infected or your account is blocked and push you to install remote-access software or buy gift cards — Microsoft never contacts you unsolicited about device problems.
Last reviewed: 10 June 2026
Explanation
Microsoft impersonation runs across two channels: email phishing and unsolicited phone calls. The email variant typically claims your Microsoft account has been compromised, a subscription has renewed unexpectedly, or a device registered to you is showing warning signs. The call variant claims to be from 'Microsoft Support' and says your computer is sending error reports.
In the email version, you are directed to a fake Microsoft login page, or to a phone number staffed by the scammers. In the phone version, you are persuaded to install remote desktop software (AnyDesk, TeamViewer) so the fraudster can 'check your system'. Once connected, they show you false error screens from Windows Event Viewer, demand a fee, and sometimes steal stored passwords or install malware.
Microsoft's legitimate services contact you through notifications inside your Microsoft Account dashboard (account.microsoft.com) or through the Windows activation system, not unsolicited emails or cold calls. They never ask you to pay for virus removal via gift card, cryptocurrency, or wire transfer.
If you receive a call, hang up. If you receive an email, log in to account.microsoft.com in a new tab and check your security alerts there. Never install remote-access software at the request of a caller you did not initiate contact with.
Common red flags
- Unsolicited phone call claiming to be from Microsoft about your computer
- Email sender domain is not @microsoft.com
- Caller or email asks you to install AnyDesk, TeamViewer, or similar software
- Demands payment by gift card for 'tech support' or 'virus removal'
- Pop-up or email claims your computer is 'blocked' and shows a phone number
- Urgency about account suspension or device being hacked
What to do now
- Hang up immediately if the call is unsolicited
- Do not install any software the caller requests
- Log in to account.microsoft.com directly to check your real account status
- If you already granted remote access, disconnect the software and run Windows Defender full scan
- Change all passwords on the device that was accessed
- Report to Action Fraud (UK) or the FTC (US)
Frequently asked questions
What if I see a real Windows error message with a phone number?
Legitimate Windows error messages do not include phone numbers. A pop-up with a call-to-action phone number is a browser-based scareware page. Close it with Task Manager if needed.
I already gave them remote access — what now?
Immediately disconnect (uninstall or close the remote software), then change all passwords, enable 2FA, and run a full antivirus scan. Monitor bank accounts for unauthorised activity.
Can they actually see my computer is infected without access?
No. Cold callers claiming your computer is 'sending error signals to Microsoft' are lying. This is a script — they have no knowledge of your device.