Tech Support Scams: The Complete 2026 Guide
Fake virus popups, Microsoft and Apple "support" calls, poisoned search-ad numbers, remote-access fraud, and the gift-card refund trap. Every variant of the tech support scam, how to spot it, how to stop it, and exactly who to report it to.
The One Rule
A virus or security popup that tells you to call a phone number is always a scam. Microsoft, Apple, Google, Norton, and McAfee never put a phone number in a virus warning, and a web page cannot scan your computer. Do not call. Close the browser instead. Press Esc, close the tab, and if it traps you, force-quit the browser with Task Manager on Windows or Force Quit on a Mac. Never grant remote access and never buy gift cards because someone on the phone told you to.
Why tech support scams are still everywhere in 2026
Tech support fraud has quietly become one of the most damaging scams on the internet. The FBI Internet Crime Complaint Center, in its 2024 Annual Report published in April 2025, named tech support scams among the costliest categories for older adults, with people over 60 reporting the heaviest losses. The center logged more than $16 billion in total internet-crime losses across all categories that year, and tech support and impersonation fraud sit near the top for victims aged 60 and above.
The FTC tells the same story from a different angle. Its Consumer Sentinel data has tracked tech support scams as a leading complaint type for years, with median individual losses that climb sharply once a victim is talked into wiring money or buying gift cards. Microsoft's own research, published in its Digital Defense work, has estimated that the company fields thousands of tech-support-scam complaints every month from around the world.
The reason it keeps working is psychology, not technology. The scam manufactures panic, then offers the panicked person a calm voice on the phone who promises to fix everything. By the time the math stops making sense, the money is already gone.
Fake virus popups and browser-lock scareware
This is the front door for most tech support scams. You are reading a page, and suddenly a full-screen warning appears: "Your computer is infected. Do not restart. Call Microsoft support now at this number." Sometimes it imitates a blue screen of death. Sometimes it plays a robotic voice. Sometimes it shows a fake virus scan ticking through your files in real time.
None of it is real. The page found nothing because a web page cannot scan your hard drive. The "scan" is a looping animation. The blue screen is just an image. The alert box that you cannot close is a JavaScript trick that reopens itself every time you dismiss it, which makes the browser feel locked. That feeling of being trapped is the entire point, because a trapped person calls the number.
Here are the kinds of domains these scareware pages run on. Each is an illustrative lookalike.
- microsoft-support-help.com
- windows-defender-alert.xyz
- microsoft-alert-error.top
The fix is always the same: do not call, and close the browser. The detailed close-it-safely steps are further down under "What to do when a fake virus popup traps you."
Fake Microsoft, Apple, Google, and antivirus "support"
The same brands show up again and again because almost everyone uses them. The scam comes in two shapes.
The cold call. Your phone rings. The caller says they are from Microsoft, or Windows, or "the technical department," and that your computer is sending out error reports or has been hacked. They sound official and they have a script for every objection. Real companies do not do this. Microsoft does not monitor your home PC and call you about it. Apple does not phone you about your iCloud being compromised. Even if your caller ID shows a familiar name, remember that caller ID is trivial to spoof.
For the Microsoft and Apple versions specifically, we have dedicated breakdowns: the fake Microsoft popup tech support scam and the compromised iCloud Apple popup scam.
The callback. This is the popup version turned into a phone call. You see one of the fake virus warnings above, you call the number on it, and now a "technician" answers. The script is the same either way: there is a serious problem, and they need to connect to your computer to fix it.
The antivirus flavor leans on Norton, McAfee, and similar names, usually framed as a billing or renewal problem rather than an infection. Illustrative lookalikes:
- apple-support-alert.com
- norton-renewal-support.com
- mcafee-billing-support.net
Whether the contact starts as a call or a popup, the tell is identical. A real technical problem never starts with a stranger insisting on urgency and remote access.
Search-ad fake support numbers
This one catches careful people, because the victim goes looking for help. You need to reach HP, or your router maker, or your bank's tech line, so you search "HP support phone number." At the top of the results sits a number, sometimes inside a paid ad, sometimes on a page built to look like an official help center. You call it. It is a scammer.
Scammers buy search ads against brand support terms, or they build convincing fake support sites that rank for "[brand] customer service." Google's Ads Safety Report 2024, published in April 2025, describes blocking and removing billions of policy-violating ads each year, with impersonation and scam ads a recurring enforcement category. Some still slip through long enough to take a call.
Protect yourself by never trusting a phone number from an ad or a random results page. Get support numbers from the product itself, the box it came in, your account dashboard after you sign in, or the brand's real website that you typed in by hand. If you are unsure a site is the real one, our guide on how to tell if a website is a scam walks through the checks.
What they do once they have remote access
The goal of almost every tech support scam is to get you to install remote-access software and hand over control. The tools themselves are legitimate. AnyDesk, TeamViewer, and UltraViewer are real products used every day by honest IT teams. The scam is in the abuse: the "technician" talks you through installing one, then reads you a code or has you approve a prompt, and now they are driving your computer.
Once they are in, the playbook runs like this:
- The fake diagnosis. They open a system log full of harmless warnings and routine error events, then point at it as proof of a catastrophic infection. Every Windows machine has those entries. They mean nothing.
- The fake fix. They run a few harmless commands or a "cleanup" so it looks like they earned the fee they are about to charge.
- The refund setup. Many scams pivot here. They claim you are owed a refund for a service or an expired subscription, and they need to "process" it. This is the doorway to the most expensive part.
- Quiet damage. While you watch the screen, they may install hidden remote tools to come back later, copy files, or note saved passwords. This is why disconnecting and scanning afterward matters.
The instant a stranger asks you to install AnyDesk or TeamViewer to "fix" a problem you did not report, the call is a scam. End it.
The refund and overpayment trap
This variant turns a tech problem into a money transfer. The scammer says you are due a refund, often a small amount like $300 for an antivirus subscription you never bought. With remote access already granted, they open what looks like your online banking and tell you to enter the refund amount yourself.
Then comes the staged mistake. They claim you typed an extra zero, so instead of $300 you "received" $3,000, and the company will be in serious trouble if you do not send the difference back. What you actually saw was a faked balance. They edited the page on your screen, or moved money between your own accounts so your checking looks inflated, while no real deposit ever arrived.
Now they apply pressure. Send back the overpayment in gift cards, by wire transfer, or in cryptocurrency, right now, or the agent will be fired. Victims drive to a store, buy thousands of dollars in gift cards, and read the numbers over the phone. The cards are drained in minutes and the money is unrecoverable.
The rule that ends this cold: no legitimate company ever asks for a refund to be returned in gift cards, wire transfers, or crypto. Gift cards are for gifts. A request to pay anyone with them is, by itself, proof of a scam.
The bank-pivot: "move your money to a safe account"
The most dangerous escalation drops the computer angle entirely. The "technician" announces that during the session they discovered your bank account is compromised, often by a supposed insider at the bank, and that hackers are about to drain it. To protect you, they say, you must move everything into a "safe account" they will set up, or follow steps a "bank fraud officer" gives you on a transferred call.
The safe account is the scammer's account. Once you transfer, the money is gone. This overlaps with the broader impersonation playbook covered in our phone-call voice scams (vishing) guide. The defense is absolute: no real bank or government agency will ever ask you to move your money to a new account to keep it safe. That sentence only ever comes from a criminal. Hang up and call your bank yourself using the number on your card.
What to do when a fake virus popup traps you
If a scareware page has hijacked your browser, work through these steps. None of them require calling anyone.
- Do not call the number. It belongs to the scammer. A real virus warning never includes a phone number.
- Press Esc, then close the tab. Esc dismisses many fake alert boxes. Then close the tab the normal way.
- Force-quit the browser if it will not close. On Windows, press Ctrl+Shift+Esc to open Task Manager, select the browser, and click End task. On a Mac, press Cmd+Option+Esc to open Force Quit, select the browser, and click Force Quit.
- Reopen without restoring tabs. Launch the browser again and decline "restore previous session," which would just reload the scam page. Clear recent history if the offer keeps coming back.
- Run a real scan. Use the security software built into your system or a reputable antivirus you installed yourself. The popup never scanned anything, so a genuine scan confirms your device is fine.
What to do if you already let them in
If you granted remote access, sent money, or shared banking details, act fast and do not be embarrassed. These crews are professionals and they fool careful people every day.
- Disconnect from the internet immediately. Turn off Wi-Fi or unplug the cable. This kills the remote session.
- Uninstall the remote-access tool they had you install, such as AnyDesk, TeamViewer, or UltraViewer.
- Run a full malware scan with reputable antivirus software to catch anything they planted while connected.
- Change your passwords from a clean device. Start with email and online banking, then any account touched during the call. Turn on two-factor authentication.
- Call your bank if money moved or your banking was opened. Use the number on the back of your card, report the fraud, and ask about reversing any transfers.
- Report it through the channels below.
For a full recovery walkthrough, including what is realistically recoverable and in what order to act, read "I got scammed, what do I do now."
How to report a tech support scam, by region
Reporting matters even when you lost nothing. It feeds the investigations and takedowns that protect the next person.
United States
- FTC, report at reportfraud.ftc.gov
- FBI Internet Crime Complaint Center at ic3.gov
- Microsoft impersonation, report at microsoft.com/reportascam
- Apple, forward suspicious messages to reportphishing@apple.com and report fraudulent charges through support.apple.com
United Kingdom
- Action Fraud at 0300 123 2040, or online at actionfraud.police.uk
Canada
- Canadian Anti-Fraud Centre at antifraudcentre-centreantifraude.ca
Australia
- Scamwatch, run by the National Anti-Scam Centre, at scamwatch.gov.au
India
- Cyber Crime Helpline at 1930, or report online at cybercrime.gov.in
If a payment was involved, also contact your bank, card issuer, or the gift-card company right away. Some gift-card brands can freeze a card if you reach them within minutes.
How SafeBrowz blocks this threat
SafeBrowz runs a 3-layer detection engine: Local + APIs + AI. It works on the page, so a scareware popup or fake support site is flagged before it can panic you into calling.
- Layer 1 - Local detection: 60+ URL patterns plus a 550+ brand-specific signature database (including Cyrillic and Punycode homograph variants) plus a community whitelist and blacklist, all running inside the extension before the page renders. This catches the microsoft-support-help, windows-defender-alert, and norton-renewal-support family of lookalikes instantly.
- Layer 2 - API checks: aggregates threat-intelligence sources (Google Safe Browsing, PhishTank, URLhaus) plus 30+ scam-TLD heuristics, so domains already reported as scareware are blocked.
- Layer 3 - AI deep scan (Premium): content analysis in 100+ languages recognizes the tech-support-scam script itself, including freshly registered popup domains that have not yet reached any blocklist.
Detection signatures are derived from threat-intelligence research and our internal brand database, not from user browsing data. SafeBrowz does not store per-user browsing history.
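To make the Layer 1 idea concrete, here is a minimal local hostname heuristic, added as an example and not SafeBrowz's own code. The brand map, lure words, TLD list, weights, and thresholds are assumptions chosen to fit the illustrative lookalike domains listed earlier in this guide.

```javascript
// Added illustration, not SafeBrowz code. Brand map, lure words, TLD list,
// weights and thresholds are assumptions chosen for the sample domains.
const BRANDS = new Map([
  ["microsoft", ["microsoft.com"]], ["windows", ["microsoft.com"]],
  ["apple", ["apple.com"]], ["norton", ["norton.com"]], ["mcafee", ["mcafee.com"]],
]);
const LURE_WORDS = new Set(["support", "help", "alert", "error", "renewal", "billing"]);
const RISKY_TLDS = new Set(["xyz", "top"]);

// Pull the hostname out of a URL or bare domain without any network access.
function hostOf(input) {
  const authority = input.trim().toLowerCase()
    .replace(/^[a-z][a-z0-9+.-]*:\/\//, "").split(/[\/?#]/)[0];
  return authority.split("@").pop().replace(/:\d+$/, "").replace(/\.$/, "");
}

// True only when the host is a brand's own domain or a subdomain of it.
function isOfficial(host) {
  return [...BRANDS.values()].flat().some((d) => host === d || host.endsWith("." + d));
}

function scoreHost(input) {
  const host = hostOf(input);
  if (isOfficial(host)) return { host, score: 0, verdict: "allow", reasons: ["official brand domain"] };
  const labels = host.split(".");
  // Brand and lure words are matched on whole tokens, split on "." and "-".
  const tokens = labels.slice(0, -1).flatMap((l) => l.split("-"));
  const reasons = [];
  let score = 0;
  const brand = tokens.find((t) => BRANDS.has(t));
  if (brand) { score += 2; reasons.push(`brand "${brand}" outside its official domain`); }
  if (tokens.some((t) => LURE_WORDS.has(t))) { score += 1; reasons.push("support/alert wording"); }
  if (RISKY_TLDS.has(labels[labels.length - 1])) { score += 1; reasons.push("TLD on risky list"); }
  if (labels.some((l) => l.startsWith("xn--"))) { score += 1; reasons.push("Punycode label"); }
  const verdict = score >= 3 ? "block" : score >= 1 ? "warn" : "allow";
  return { host, score, verdict, reasons };
}

// Constructed sample input: this guide's illustrative lookalikes plus controls.
const SAMPLES = [
  "microsoft-support-help.com", "windows-defender-alert.xyz", "microsoft-alert-error.top",
  "apple-support-alert.com", "norton-renewal-support.com", "mcafee-billing-support.net",
  "https://support.apple.com/en-us", "microsoft.com.account-help.example",
  "xn--pple-43d.com", "example.org",
];
for (const s of SAMPLES) {
  const r = scoreHost(s);
  console.log(`${r.verdict.padEnd(5)} ${r.score} ${r.host} [${r.reasons.join("; ")}]`);
}
```

The check against official domains runs first, so support.apple.com passes while a host that merely begins with microsoft.com but is registered under another domain is still flagged.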
Frequently asked questions
Is a popup virus warning that tells me to call a number ever real?
No. A pop-up virus warning that tells you to call a number is always a scam. Microsoft, Apple, Google, Norton, and McAfee never display a phone number in a security alert, and a web page cannot scan your computer for viruses. Do not call. Close the browser instead.
Will Microsoft or Apple ever call me about a problem with my computer?
No. Microsoft and Apple do not monitor your personal device and do not make unsolicited calls about errors, infections, or a compromised account. Any call claiming to be Microsoft or Apple technical support that you did not request is a scam, even if the caller ID looks legitimate, because caller ID is easily spoofed.
I let a scammer into my computer with AnyDesk or TeamViewer. What now?
Disconnect from the internet immediately to end the session, then uninstall the remote-access tool. Run a full malware scan, change your email and banking passwords from a different clean device, and turn on two-factor authentication. If money moved or they opened your banking, call your bank using the number on your card and report the fraud.
Why would tech support ask me to buy gift cards?
Because gift cards are untraceable and irreversible. No legitimate company ever asks you to pay for support or return a refund using gift cards, wire transfers, or cryptocurrency. A request to pay anyone with gift cards is by itself proof of a scam. Stop and do not buy them.
The scammer says my bank account is hacked and I must move money to a safe account. Is that real?
No. No real bank or government agency will ever ask you to transfer your money to a new "safe account" to protect it. That instruction only ever comes from a criminal, and the safe account belongs to them. Hang up and call your bank yourself using the number printed on your card.
How does SafeBrowz stop tech support scams?
SafeBrowz is a free browser extension that flags scareware popups and fake support sites before they load, using a 3-layer engine of local URL patterns, threat-intelligence APIs, and AI content analysis. Its brand database covers 550+ companies including Microsoft, Apple, Google, Norton, and McAfee, plus their common lookalike and typosquat variants. It works on Chrome, Firefox, and Edge.
Block scareware popups before they panic you
SafeBrowz is a free browser extension for Chrome, Firefox, and Edge that flags fake virus warnings and impersonated support sites automatically. It recognizes 550+ brands including Microsoft, Apple, Google, Norton, and McAfee, all auto-blocked when a page tries to impersonate them. AI content analysis works in over 100 languages and catches new scareware domains the moment they go live, even ones not yet on any blocklist. Free forever, no account needed.