Fake Customer Support Scams
Imposters posing as retailer or platform support to steal logins, payments or remote access.
Last reviewed: 1 June 2026
What this scam is
Fake customer support scams involve criminals impersonating the help team of a retailer, marketplace, payment platform, or delivery service. They intercept or proactively contact people who need support — through fake phone numbers listed in search results, social media profiles that reply to public complaints, or search engine ads for support contact pages — with the goal of stealing credentials, card details, or direct access to the victim's device or bank accounts.
This scam exploits a moment of vulnerability. People who reach out for customer support are already dealing with a problem — a missing order, a refund that has not arrived, an account access issue. That frustration and urgency makes them more likely to follow instructions from someone who appears to be in a position to help.
The consequences can be severe. Remote access to a device can lead to complete financial account takeover. Shared one-time codes allow fraudsters to bypass two-factor authentication. Card details entered on a fake verification page are used for further fraud. The harm can extend well beyond the original purchase dispute.
How it works
The scam operates through several entry points. The first is search: when someone searches for a retailer's contact number, paid search ads for fake numbers may appear above organic results. The fake number looks authoritative in the ad, and the person calls it believing they have found official support.
The second is social media monitoring: scammers watch public complaint posts on social platforms and reply quickly with a fake support profile that looks credible. The person replying to their complaint feels assisted rather than targeted.
Once contact is established, the 'support agent' follows a script. They express sympathy, confirm the issue, and then ask for information or actions that seem procedurally necessary. These typically include: providing a one-time code sent to the victim's phone (which actually authorises a transaction or account change); entering card or bank details to 'verify the account'; or installing a remote-access application to 'allow the support team to investigate directly'.
Remote access is the most dangerous endpoint. Once granted, the fraudster can navigate the device, open banking apps, transfer funds, and create new payees — all while talking the victim through an apparently unrelated 'support process'.
Why this scam works
People in the middle of a support problem want it resolved. They are already in a service mindset — ready to follow instructions, provide information, and trust that the person helping them knows what they are doing. Fake support agents exploit this cooperative state.
The setting also creates plausibility. If you have just posted publicly about a problem with a retailer and someone replies claiming to be from that retailer's support team, the timing and context feel right. It takes deliberate scepticism to question something that fits so naturally into your expectation of what should happen.
A typical pattern
A person has an unresolved refund with an online retailer. They search for the retailer's customer service number, click the first result which is a paid ad, and call the number. The person who answers sounds professional, confirms the order number, and says they can see the account. To process the refund, they ask the caller to install a screen-sharing app so they can 'verify the account from their end'. Once the app is installed, the caller is talked through unrelated steps while the agent navigates to the banking app open on the device and initiates transfers to an account they control.
Common red flags
- Support that contacts you first after you posted a public complaint
- Support phone number found via a search ad rather than the official site
- Requests to install remote-access or screen-sharing software
- Asking for one-time security codes or passwords
- Requests for full card details to 'process a refund' or 'verify the account'
- Agent seems to know your issue without you explaining fully
- Support requests gift card payment to resolve a problem
- Urgency or pressure to act immediately before the issue 'escalates'
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Hi, this is [retailer] support. To process your refund, install [remote tool] and share the code.
I can see your case here — I just need you to confirm the code sent to your phone to verify it is you.
To complete your refund, I need your card number to reverse the charge directly.
Please install [app name] so I can connect to your account and escalate this for you.
We can resolve this now — just send [amount] in gift cards to cover the account security hold, and it will be refunded immediately.
Common variations
- Search-ad fake numbers appearing above genuine support results
- Social media reply scams monitoring public complaint posts
- Email impersonation following a genuine purchase or dispute
- Fake refund processing requiring card or bank details
- Remote-access scams using screen-sharing apps to access financial accounts
- Follow-up calls after a previous contact — 'your case is being escalated'
How to verify before you act
Always find support contact details by starting from the retailer's official website or app — navigate there yourself rather than using search results or links in messages. Bookmark official contact pages for services you use regularly.
Be particularly careful about phone numbers found through search engine ads. Ads can be placed by anyone and may appear before genuine results. Look for the official site's contact page in the organic results, or go directly to the site and find the number there.
Genuine support agents do not need you to install remote-access software. They do not need your one-time security codes. They do not need your password. If any of these are requested, end the call or conversation immediately and contact the real retailer through a channel you have independently verified.
Payment methods used
- Card details harvested
- Gift cards
- Remote access to bank apps
Who is usually targeted
- Shoppers seeking refunds
- People with delivery or account issues
What to do immediately
- If you are currently in contact with what may be fake support, end the call or conversation immediately
- If you installed remote-access software, disconnect your device from the internet and uninstall the software
- Change passwords for any accounts that may have been visible or accessed
- Contact your bank immediately if any financial accounts were accessed or details shared
- Find and use the real retailer's verified contact channel to report what happened
- Report to your national fraud reporting service
- Monitor your accounts and statements for unauthorised activity
How to prevent it
- Always find support contact details from the official website or app — never from search ads
- Bookmark official support pages for retailers and platforms you use regularly
- Never install remote-access or screen-sharing software at the request of an inbound support contact
- Never share one-time security codes with anyone claiming to be support
- Hang up or end the chat if support asks for your password or to install software
- If support contacted you first, end the interaction and use the verified contact channel yourself
- Monitor your accounts for unauthorised activity after any interaction with support — real or fake
Evidence to preserve
- The phone number, email address, or social profile used by the fake support agent
- Screenshots of any chat or social media interaction
- Any email from the fake support contact
- Notes on the call content if you spoke by phone
- The name of any remote-access software you were asked to install
- Any payment records if money was transferred
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How do I find genuine support?
Always start from the retailer's official website or app and use its listed contact channels. Avoid 'support' numbers from search ads, and never let support reached this way control your device.
What should I do if I gave remote access to my device?
Disconnect from the internet immediately. Uninstall any remote-access software installed during the call. Change all passwords, especially for banking and email. Contact your bank and alert them to potential account access. Report to your national fraud service.
I shared a one-time code. What should I do?
Contact your bank or the relevant account provider immediately. One-time codes can be used to authorise transactions or account changes. Report what happened and ask them to review recent activity.
How do fake support numbers appear in search results?
Scammers buy paid search ads using terms people use when looking for support. These ads can appear prominently. Ads are labelled as such — check for the 'Sponsored' or 'Ad' label and verify the domain before calling any number from search results.
Does real support ever ask for remote access?
Some legitimate tech support services do use screen-sharing, but only when you have initiated the contact and you know what you are consenting to. Inbound callers or social media contacts asking you to install remote-access tools as a first step should always be treated with extreme caution.
Can I report the fake support number to get it removed?
Yes. Report it to the advertising platform if it appeared as an ad, to the real retailer whose name it used, and to your national fraud or consumer protection service. Fake numbers can be reported to phone regulators in many countries.
What if the agent knew my order details?
Scammers monitoring public complaint posts can see any order details you have shared publicly. They may also have purchased data from breaches. Knowing your order number or name is not evidence they are genuine support.