How does a tech support scam actually work?
Tech support scams use alarming fake alerts or cold calls to convince victims their device is infected, then gain remote access to steal data or money while charging for nonexistent fixes.
Last reviewed: 10 June 2026
Explanation
The most common entry point is a browser pop-up that fills the screen with an urgent warning — fake Microsoft or Apple logos, alarm sounds, and a phone number to call immediately before 'all data is deleted'. These pop-ups are designed to be difficult to close and are served through malicious ads on otherwise legitimate sites. A smaller number of scams begin with an unsolicited phone call from someone claiming to be from a tech company's support team.
When the victim calls or accepts the call, a confident-sounding technician talks them through installing a legitimate remote-access tool such as AnyDesk or TeamViewer. Once connected, the scammer opens command windows showing scrolling text or 'error' logs, misrepresenting normal system output as evidence of serious infection. Victims who are not technically fluent have no way to evaluate what they are seeing.
The scammer then proposes a fix for a fee, sometimes paid by gift card, wire transfer, or credit card. Some go further: they navigate to the victim's bank account, claim to be processing a refund, and manipulate the screen to make it appear a larger amount was sent 'by mistake', pressuring the victim to send the 'overpayment' back. This is a separate cash-extraction tactic layered onto the original scam.
After the session, the scammer may have installed actual malware for future access, noted passwords, or screenshotted financial accounts. The support 'subscription' they sell is worthless.
Common red flags
- A pop-up appears claiming your device is locked or infected, with a phone number to call
- You receive an unsolicited call claiming to be from Microsoft, Apple, or your internet provider
- You are asked to install a remote-access program to let someone 'fix' your device
- The technician shows you command-prompt output and claims it is evidence of viruses
- Payment is requested by gift card, wire transfer, or cryptocurrency
- You are told a refund was sent in error and asked to return money
What to do now
- Close the pop-up by force-quitting your browser — do not call any number shown
- If you already called and gave access, disconnect the device from the internet immediately
- Run a security scan using reputable software that you downloaded directly from the developer's site
- Contact your bank if any financial details were visible during the remote session
- Change passwords for any accounts visible during the session
- Report the scam to your national consumer protection authority and to the impersonated company
Frequently asked questions
Does Microsoft or Apple ever call customers to warn about viruses?
No. Neither company proactively calls customers about device problems. Any such call is a scam.
If I gave remote access but did not pay, am I still at risk?
Yes. The scammer may have installed software or noted passwords. Disconnect the device, run a security scan, and change critical passwords from a different device.
Why do scammers ask for gift cards?
Gift card codes are treated like cash, cannot be reversed, and are not covered by credit-card fraud protections. They are also easy to liquidate quickly.