Tech Support Scam

IMPERSONATION Last fact-checked: April 18, 2026

▲ SCAM PROFILE

A scam in which fraudsters impersonate technical support for well-known brands — Microsoft, Apple, Norton, McAfee, Geek Squad, ISPs — via cold phone calls or fake browser popups, then convince victims to grant remote access to their computer or pay for fake 'protection services'. The FBI Internet Crime Complaint Center recorded $924.5 million in tech-support fraud losses across 37,560 complaints in 2023, up from $806.6 million the year before, with a sharp skew toward victims over 60. Two distinct delivery channels dominate: unsolicited phone calls claiming to detect a problem, and browser-hijack popups that lock the screen until the victim calls a displayed number.

How the scam works

Cold-call variant.

Step 1 — The unsolicited call. Your phone rings. The caller claims to be from 'Microsoft technical support', 'Windows Security', 'Apple Support', 'your internet service provider', or similar. They inform you that your computer has been sending error reports, is infected with a virus, or has been compromised by hackers.

Step 2 — The demonstration. They ask you to open Event Viewer (Windows) or Console (Mac) and look at error logs. Every computer has benign warnings and errors in these logs — the scammer uses them as 'proof' of infection.

Step 3 — The remote-access request. They ask you to install TeamViewer, AnyDesk, LogMeIn, or UltraViewer and give them a connection code. Once inside, they can see your files, see your banking session if open, and install anything.

Step 4 — The fake fix. They run innocuous commands (netstat, tree) and claim the output proves infection. They 'clean' the computer while secretly installing keyloggers, remote-access trojans, or ransomware.

Step 5 — The payment. They demand payment for the 'service' — typically $200 to $1,500. Payment methods: credit card, gift cards, wire transfer, or cryptocurrency.

Step 6 — The re-harvest. Months later, they call back claiming your 'subscription' is expiring and attempting a second charge. Or they use the installed access to drain bank accounts directly.

Popup variant.

You're browsing the web when a full-screen popup appears: 'YOUR COMPUTER HAS BEEN BLOCKED — Call Microsoft Support at 1-800-XXX-XXXX immediately. Do not turn off your computer.' Loud audio plays. The browser won't close. The victim calls the number, which routes to the same scam operation.

The popup is generated by malicious ads (malvertising) or compromised websites; it doesn't actually indicate your computer is infected. Closing the browser tab, or force-quitting the browser (Ctrl+Shift+Esc on Windows, Cmd+Q on Mac) ends it.

Where the calls originate

The vast majority of tech-support call centers operate from India (specifically Delhi NCR, Kolkata, and Mumbai), Pakistan, and the Philippines. US law enforcement has coordinated with Indian authorities multiple times (2022 'Tech Support Takedown', 2018 Noida raids) but the operations rebuild quickly. Caller ID is almost always spoofed to display US area codes — common ones include 425 (Microsoft's real Redmond HQ area code, used to seem legitimate), 800 numbers, or your own area code ('neighbor spoofing').

The Geek Squad variant

A specific tech-support variant in 2023-2024 impersonates Best Buy's Geek Squad. Victims receive an email 'invoice' for $399 Geek Squad renewal; the email contains a phone number to 'dispute' the charge. Calling the number reaches the scam center, which pivots into the remote-access script.

Microsoft / Apple policy reference

Microsoft states publicly: 'Microsoft does not send unsolicited email messages or make unsolicited phone calls to request personal or financial information or to provide technical support to fix your computer.'

Apple states publicly: 'Apple never reaches out to customers through unsolicited phone calls, emails, or texts asking for financial information or personal account details.'

ISPs (Comcast, AT&T, Spectrum, Verizon) do not cold-call customers about viruses. If you receive such a call, it is a scam — no exceptions.

Financial exposure

FBI IC3 2023: $924,512,658 in tech-support fraud losses across 37,560 complaints — a mean reported loss of approximately $24,600. Tech support losses grew 15% from 2022 ($806.6M) and over 165% from 2021 ($347.7M). Call centers overwhelmingly target older adults: victims 60+ account for approximately 40% of complaints but 58% of dollar losses (over $770 million combined across tech support and government impersonation).

Sources

FBI 2023 Internet Crime Report — Tech Support fraud ($924.5M, 37,560 complaints)
FTC Consumer Sentinel Network Data Book 2023 — Tech Support Scams 91,196 reports (page 87)
Microsoft: Report a tech support scam
Apple: How to avoid scams
FBI PSA: Phantom Hacker Scams Target Seniors

Warning signs

Red flags — stop the call if you see any of these

Unsolicited call from someone claiming to be Microsoft, Apple, Norton, McAfee, or your ISP
Popup on your computer locking the screen and displaying a phone number
Caller asks you to open Event Viewer, Console, or similar to 'see the problem'
Request to install remote-access software (TeamViewer, AnyDesk, LogMeIn, UltraViewer)
Pressure to pay by gift card, wire transfer, or cryptocurrency
Caller refuses to let you call them back at the official company number
Emailed 'invoice' for a renewal you never signed up for (Geek Squad, Norton, McAfee)
Claim that your bank account or identity has been compromised and they're helping 'verify' or 'move' funds to safety

What to do if you've been targeted

Action steps

Hang up immediately. Do not engage, do not answer questions, do not 'just let them check'.
If a popup appears, force-close the browser (Ctrl+Shift+Esc on Windows, Cmd+Q on Mac). Do not call the number shown.
If you already granted remote access: disconnect from the internet, restart the computer, and run a full antivirus scan (Windows Defender or Malwarebytes).
Change passwords for banking, email, and any accounts you accessed during the remote session — from a different device if possible.
Call your bank if the scammer had you open banking. Flag accounts for unauthorized-access review.
Check for unauthorized remote-access software and uninstall (TeamViewer, AnyDesk, LogMeIn, UltraViewer).
If payment was made, call your credit card issuer immediately to dispute the charge.
Report to the FTC at reportfraud.ftc.gov and Microsoft at microsoft.com/reportascam or Apple at reportphishing@apple.com.

How to report

In the US, report to the FTC at reportfraud.ftc.gov, and to the company being impersonated (Microsoft at microsoft.com/reportascam, Apple at reportphishing@apple.com, Norton at norton.com/fraud). The FBI IC3 (ic3.gov) handles cases where money was actually sent or systems were compromised. Outside the US: Action Fraud (UK), ACCC Scamwatch (Australia), Canadian Anti-Fraud Centre. Also forward phishing emails to reportphishing@apwg.org so blocklists can update.

Statistics

FBI IC3 2023: $924,512,658 in Tech Support fraud losses across 37,560 complaints — up 15% from $806.6 million in 2022 and up over 165% from $347.7 million in 2021. Mean reported loss approximately $24,600. Combined with Government Impersonation, call-center scams caused over $1.3 billion in IC3-reported losses, with victims 60+ experiencing 58% of the total dollar loss (over $770 million). FTC Consumer Sentinel 2023 independently logged 91,196 Tech Support Scam reports as a subcategory of Imposter Scams (which totalled $2.668 billion across all imposter variants). Source: FBI IC3 2023 Internet Crime Report, pages 15, 21, and 23; FTC Consumer Sentinel Network Data Book 2023, page 87.

Country codes most associated with this scam

These country codes appear most frequently in tech support scam reports. Scammers rotate origins constantly — treat this as historical context, not a whitelist.