Fake Tech Support Calls
Callers posing as Microsoft, Apple or your ISP who claim a problem and request remote access.
Last reviewed: 1 June 2026
What this scam is
Fake tech support scams involve someone — either an unsolicited caller or a person you reach via a pop-up prompt — impersonating a well-known technology company, your internet service provider, or an official security organisation. They claim your device has a serious problem: a virus, an error generating alerts on their system, an account breach, or similar. Their ultimate goal is to gain remote access to your device, steal money, or harvest your personal and financial data.
The scam can arrive in several ways. A call may come completely out of the blue. Alternatively, a scareware pop-up on your browser displays a phone number and urges you to call immediately. In some cases, you might see a suspicious charge on your account that prompts you to search for a support number — finding a fake one in the results instead of the real company's contact.
What makes this scam particularly effective is the authority the caller projects. They know general details about the software on your device (easily guessed) and use real-sounding technical terminology to build credibility. The call often feels like a genuine offer of help rather than an attack, which lowers your guard at exactly the moment it should be raised.
How it works
The caller identifies themselves as working for a technology company, a security team, or your internet provider, and states that their systems have detected a problem with your device — errors, malware, an active breach, or illegal traffic originating from your IP address.
To demonstrate the 'problem', they may ask you to open the Event Viewer on a Windows computer (a tool that always contains benign warning and error log entries) and point to entries as evidence of infection. They make normal system activity look alarming to someone unfamiliar with it.
They then ask you to install a legitimate remote-access or screen-sharing tool so they can 'fix' the problem. These are real pieces of software used by genuine IT support — the scam lies in who is using them and why. Once connected, the caller has full control of your screen.
From this point, the scammer may open your banking app or direct you to log into your bank and dim the screen so you cannot see what they are doing. They may transfer money to their own accounts, set up new payees, or take screenshots of your balances and login credentials. Some will plant actual malware for later use. Others charge large fees by card for a 'clean-up service' that accomplishes nothing.
The call can last a long time — sometimes hours — with the scammer maintaining friendly conversation to keep you comfortable and compliant.
Why this scam works
The scam succeeds because it appears to originate from a position of authority and helpfulness rather than threat. Most people have a mental model of tech companies as large, organised entities that monitor systems — so the idea that they might call feels plausible, even if it is not how these companies actually work.
The use of technical language — Event Viewer logs, IP addresses, error codes — creates an information asymmetry that is difficult to challenge in the moment. If you don't know what a normal Event Viewer looks like, the scammer's interpretation feels authoritative.
Additionally, once a small amount of trust is established (the caller is friendly, seems knowledgeable), the escalating requests feel reasonable in sequence. Each step — opening a tool, installing software, granting access — feels like a small, logical part of a legitimate support process.
A typical pattern
A person receives an unexpected call from someone claiming to represent a technology company. The caller says their system has been flagged by that company's security network as having errors. The caller asks the person to open a system diagnostics tool and points out log entries as 'proof' of infection. They then ask the person to install a remote-access application and share an access code. Once connected, the caller navigates to the person's online banking and dims the screen. After the session ends, the person discovers that several transfers were made to unfamiliar accounts and that a new payee was added.
Common red flags
- Unsolicited call claiming your device has a problem
- Pop-up urging you to call a number for 'Microsoft', 'Apple', or similar
- Request to install remote-access or screen-sharing software
- Being asked to open Event Viewer or Command Prompt to see 'errors'
- Asking you to log into your bank while connected to the session
- Payment by gift card for technical 'repairs'
- Caller knows your name but you never gave it to a tech company
- Strong pressure to act now and not tell family members
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
This is [tech company] support. Your computer is sending error reports to our servers. Install [remote tool] so we can fix it right away.
We've detected suspicious activity on your account. Please call [phone number] immediately — do not restart your computer.
Your internet service will be suspended in 24 hours due to virus activity detected on your IP address. Call [phone number] now.
Hi, this is the security team. There's been a login attempt on your account from another country. Can you verify your details?
We need to run a quick remote scan to protect your device. Please download [remote tool] from [fake link] and share the code with us.
Your support warranty has expired and we're seeing alerts from your machine. Call [phone number] to renew protection.
Common variations
- Cold-call variant — completely unsolicited call with no prior pop-up
- Pop-up prompt variant — scareware page displays a number to call
- Fake refund variant — caller claims you are owed a refund and needs bank access to 'deposit' it
- ISP impersonation — caller claims to be from your internet provider about network problems
- Fake search result — person searches for a support number and finds a fake one
- Follow-up call — second call to a previous victim claiming to offer recovery assistance
How to verify before you act
The fundamental rule is simple: major technology companies and internet providers do not make unsolicited calls about problems on your device. If someone claims otherwise, this is the scam.
If you are genuinely concerned that a call might be real, hang up and call the company back using a number from their official website — one you find yourself, not one provided by the caller. Take several minutes between ending the call and redailing, as scammers sometimes keep the line open.
Never search for a company's support number in a search engine immediately after a suspicious call — fake support numbers frequently appear in search results. Go directly to the company's official website.
If someone claims to be from your internet provider and cites your IP address as evidence, be aware that IP addresses are not private and do not prove a company called you. Anyone can look up or guess them.
Payment methods used
- Remote access to banking apps
- Credit or debit card
- Gift cards
- Bank transfer to 'safe accounts'
Who is usually targeted
- Older adults
- Less tech-confident users
- Anyone who has just bought a new device
What to do immediately
- Hang up immediately — real tech companies do not cold-call about device problems
- Do not call back the number given; look up the real company number on their official website
- If you already installed remote-access software, disconnect from the internet and uninstall it
- If you gave access, contact your bank immediately to check for unauthorised transactions
- Change all passwords from a clean, uncompromised device
- Enable stronger two-factor authentication on important accounts
- Run a security scan using software you installed yourself
How to prevent it
- Know that no legitimate tech company will cold-call you about device problems
- Never install remote-access software for someone who called you
- Never open your bank or enter financial details while on a remote session with an unknown caller
- Find support numbers only from the official company website — not from search results or callers
- If in doubt, hang up and call back via an official number after a few minutes on a different line
- Talk to older family members who may be more vulnerable to this scam
- If you have given access, treat all passwords and financial accounts as potentially compromised
Evidence to preserve
- Caller ID or number (even if spoofed)
- Name of the company or person the caller claimed to represent
- Name of any remote-access software installed
- Any session codes shared with the caller
- Bank statements for the period around the call
- Screenshots of any pop-up that prompted the call
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
Does Microsoft or Apple call about viruses?
No. Major tech companies do not cold-call you about device problems or request remote access. Treat any such call as a scam and never install remote-access software for an inbound caller.
The caller knew my name — doesn't that mean they're real?
No. Names are easy to obtain from public directories, data breaches, or social media. Knowing your name does not prove a caller represents a legitimate company.
I already let them connect — what do I do?
Disconnect from the internet and end the session. Uninstall the remote-access software. Contact your bank to check for unauthorised access or new payees. Change passwords from a separate, clean device and review account activity.
They showed me errors in Event Viewer — was that real?
No. Event Viewer always contains warning and error log entries — this is entirely normal. Scammers use this to fabricate evidence of a problem. The entries they show you are not a sign of infection.
I paid by gift card — can I get my money back?
Gift card payments are very difficult to recover. Report to Action Fraud (UK), the FTC (US), or your national consumer authority immediately, and to the gift card issuer. Recovery is not guaranteed, but reporting helps track the scam.
Can these calls come from overseas?
Yes. Most fake tech support operations use VoIP technology that can spoof any caller ID, including legitimate-looking domestic numbers. The origin of the call is not a reliable indicator of legitimacy.
Why do they ask for gift cards?
Gift cards are effectively untraceable and cannot be reversed once the code is read out. Scammers prefer them because banks cannot recall the payment after the fact.