How do I spot a fake tech support pop-up?
Fake tech support pop-ups display alarming security warnings with a phone number — legitimate security software never asks you to call a number to resolve a threat.
Last reviewed: 10 June 2026
Explanation
Tech support pop-ups (also called scareware) appear in your browser as full-screen or near-full-screen warnings claiming your computer is infected with viruses, your data is being stolen, or your Windows licence has expired. They are designed to look like official Microsoft, Apple, or antivirus alerts. A loud alarm sound often accompanies the message to increase panic.
The pop-up instructs you to call a displayed phone number 'immediately' to receive help. If you call, the 'technician' will ask you to install a remote-access application (AnyDesk, TeamViewer, LogMeIn) so they can 'clean your computer'. They then show you genuine but harmless Windows logs as 'evidence of infection' and charge a fee — often several hundred pounds or dollars — for fake cleaning services.
These pop-ups are delivered through malicious advertising on legitimate websites (malvertising) or through visiting compromised sites. They are browser-based and do not mean your computer is infected. You can usually close them by pressing Escape, closing the browser tab with keyboard shortcuts (Ctrl+W), or using Task Manager to end the browser process if the page is truly locked.
Real antivirus and security software notifies you through its own application interface, not through a browser pop-up with a phone number. Apple and Microsoft do not send security warnings to your browser with a call-to-action number.
Common red flags
- Full-screen browser alert with a phone number to call
- Warning accompanied by a loud alarm or siren sound
- Message claims to be from Microsoft, Apple, or a named antivirus company
- Pop-up cannot be closed by normal means (designed to feel locked)
- Caller asks you to install remote access software
- Fee demanded for virus removal or system cleaning
What to do now
- Press Escape or Ctrl+W to close the tab — do not call the number
- If the browser appears locked, use Task Manager (Ctrl+Shift+Esc) to end the browser process
- Run a genuine antivirus scan (Windows Defender or a reputable third-party tool) for peace of mind
- Clear your browser's cache and check your browser extensions for anything unfamiliar
- Report the pop-up origin to the NCSC (UK) or IC3 (US)
- If you already called and gave remote access, disconnect immediately, change all passwords, and run a full scan
Frequently asked questions
Does seeing the pop-up mean my computer is already infected?
Usually not. Pop-up scareware is delivered by malicious ads or compromised websites. Closing it and running a scan is normally sufficient.
I cannot close the pop-up — has my browser been hacked?
No. Some scareware prevents normal closing using JavaScript. Press Ctrl+Shift+Esc to open Task Manager and end your browser process. Your files are safe.
I paid over the phone — can I get the money back?
If you paid by card, contact your bank to dispute the charge as a fraudulent service. Report to Action Fraud or the FTC. Act within 24 hours for the best chance of recovery.