Fake Microsoft / Apple Support Popup & Call Script
A browser popup imitates an official Windows or macOS security alert, warning of viruses or a hacked account and providing a number to call for "support." Calling connects you to a scammer who talks you into granting remote access to your device, then uses that access to poke through personal files, harvest banking logins, or charge you for a fake repair or unnecessary security subscription. The lever is a convincing visual disguise paired with urgency about an active threat. The most important step is to close the browser without calling the number, since neither Microsoft nor Apple send security warnings this way.
Last reviewed: 1 June 2026
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
MICROSOFT ALERT: Your device has been blocked due to suspicious activity. Call [phone number] now to prevent data loss.
Apple Security Warning: your iCloud account has been breached. Do not restart. Call certified support: [phone number].
(On call) I'll need to remote in to run diagnostics. Please download [tool name] from [fake link].
Our scan found [number] threats. A one-year protection plan is [amount] — we can process that while we are connected.
Please log in to your bank so I can verify the charge for the repair package has cleared correctly.
What the scammer wants
To use a scareware browser alert to prompt a call, then gain remote access to the device to steal data, harvest banking credentials, and charge for non-existent repairs or security subscriptions.
Red flags in the message
- Full-screen popup with a Microsoft or Apple logo and a phone number
- Browser appears locked — the page may use full-screen mode to simulate a freeze
- Instruction not to restart the computer
- Caller asks you to install remote-access software
- Request to log in to your bank during the remote session
- Demand for payment for a 'protection plan' or 'virus removal'
- Caller stays on the line the entire time you are logged in to accounts
A safe response
Close the browser or force-quit it — you can restart safely. A webpage cannot scan your device. Neither Microsoft nor Apple will ever display a phone number in a browser alert or request remote access through an unsolicited call.
What not to send
- Remote access to your device
- Payment for 'repairs' or 'protection plans'
- Bank login details or one-time codes
- Any personal or card details
What to do if you already replied
- Disconnect from the internet immediately and uninstall any remote tool installed during the call
- Change all passwords from a separate, clean device
- Contact your bank and flag any transactions made during the session
- Run a full security scan once the remote tool is removed
- Report the incident to the real company's fraud line
Evidence to preserve
- Screenshot the full message or call details
- Note the sender number, email, or profile
- Save any links (without clicking) and payment details
- Record dates and times
Frequently asked questions
The popup had the real Microsoft/Apple logo and even played a warning sound — is it still fake?
Yes, copying logos, colours, and sounds is trivial for scammers building these fake alert pages, so visual polish proves nothing. The giveaway is that it's a webpage in your browser, not a genuine operating-system notification, and it includes a phone number — something real security alerts never do.
I called and gave them remote access — what should I do immediately?
Disconnect the device from the internet, uninstall the remote-access software, and get help from a trusted person if unsure how. From a separate device, change your important passwords (email, banking, Microsoft/Apple ID) and contact your bank if you shared payment details.
I paid for a 'security subscription' or 'repair' — can I get a refund?
Contact your card issuer to dispute the charge as fraudulent, since most cards offer chargeback protection for unauthorised or fraudulent services. Also uninstall any software they had you install to prevent continued access.
How do I stop these popups from appearing again?
These usually come from a malicious ad, compromised website, or unwanted browser extension rather than an actual infection — check your browser's extensions and remove anything unfamiliar, keep your browser updated, and use built-in popup-blocking and safe-browsing settings.