Tech support pop-up scams
Tech support scams trick victims into believing their computer has a serious security problem, then charge for unnecessary services or gain remote access to steal money and personal information, and they remain one of the most commonly reported fraud types affecting older adults.
What we know
Tech support scams typically begin with a fake warning, either a pop-up on a computer screen claiming the device is infected with a virus, an unsolicited phone call from someone claiming to represent a well known technology company, or a fraudulent search result leading to a fake support number, all designed to convince the victim that urgent technical help is needed. The scammer, posing as a technician, then convinces the victim to grant remote access to their computer using legitimate remote desktop software, which is then used to either fabricate evidence of infection, steal files and credentials directly, or install actual malware while charging a fee, often several hundred dollars, for the supposed repair.
The FBI's Internet Crime Complaint Center 2023 report recorded tech support fraud losses exceeding 924 million dollars, with victims over the age of 60 accounting for the substantial majority of both complaints and losses in this category, reflecting how these scams are often specifically designed to target older adults who may be less familiar with normal computer security alerts and more trusting of an authoritative-sounding caller or official-looking pop-up warning.
A common technique involves pop-up windows designed to mimic legitimate Microsoft Windows security alerts, often triggered by visiting a compromised or malicious website, that lock the browser in a way that makes it difficult to close and display a fake toll-free support number along with alarming language about data theft or system failure. Scammers may also cold call victims directly, claiming to be from Microsoft, Apple, or a victim's internet service provider, asserting that suspicious activity has been detected on their account or device.
Once remote access is granted, scammers often open legitimate system tools such as Windows Event Viewer, which normally displays routine system logs, and point to standard, harmless log entries as supposed evidence of severe infection to justify the fraudulent charge. Payment is frequently demanded through gift cards, wire transfer, or cryptocurrency, payment methods that are difficult to trace or reverse, a pattern consistent across most tech support scam variants documented by the Federal Trade Commission.
In some documented cases, scammers escalate the interaction into a broader financial fraud, convincing victims that they were overcharged and are due a refund, then directing the victim to log into online banking during the remote session, at which point the scammer manipulates the screen to make it appear a refund has failed to process correctly and that money must be sent back, when in fact they have simply transferred the victim's own funds between accounts to create a false appearance of an accidental overpayment.
Microsoft, Apple, and major antivirus companies uniformly state that they do not make unsolicited phone calls to customers about device security issues, and consumer protection guidance from the FTC and CISA recommends never granting remote access to an unsolicited caller, closing suspicious pop-ups using task manager rather than clicking anything within them, and verifying any support contact independently through a company's official website rather than a number provided in a pop-up or unsolicited call.
Common claims
- Microsoft calls you when it detects a problem with your computerFalse - Microsoft does not make unsolicited support calls
- A pop-up with a phone number is a real security alertFalse - legitimate security alerts never include phone numbers
- Giving remote access to a technician is safe if they call youFalse - unsolicited remote access requests are scams

