Fake tech support: the popup and the phone call that want into your computer
A scary popup says your computer is infected and to call a number. A caller says they're from Microsoft. Both want the same thing: remote access. Here is how tech-support scams work and how to refuse them.
Two scams that look different on the surface run on the same engine. One is a frightening popup that fills your screen and says your computer is infected — call this number immediately. The other is a phone call from someone claiming to be tech support, perhaps from Microsoft or your internet provider, warning that they've detected a problem. Different doors, same goal: to talk you into handing over remote access to your computer.
How the scam is built
The popup version usually arrives while browsing — a malicious ad or a sketchy site triggers a full-screen warning, often with alarming sounds, a fake "Microsoft" logo, and a phone number. It's designed to look like your computer is in crisis and you must act now. Crucially, nothing is actually wrong; the popup is just a web page engineered to scare you into calling.
The phone version skips the popup and calls you directly, or waits for you to call the number from one of those popups. Either way, a calm, technical-sounding person walks you through "fixing" the problem. They ask you to install a remote-access tool — legitimate software, used here for theft — so they can see and control your screen. Then they "find" alarming problems, charge you to fix them, and often install something or steal what they can while they have the keys.
In a business, the danger multiplies. The computer they reach may be signed in to your email, your files, your accounting software, and your saved passwords. One granted session can expose the whole operation.
Why it's so effective
This scam stacks fear on top of authority. The popup manufactures panic; the "support agent" offers calm rescue. People who would never email their password to a stranger will, in a moment of alarm, install software and let that stranger drive — because it feels like the responsible thing to do when your computer is "infected."
It also exploits a real gap in knowledge. Most people aren't sure how their computer actually reports problems, so a confident fake fills the vacuum.
The facts that end it
A few things are simply true, and knowing them defuses the entire scam:
- Microsoft, Apple, and your internet provider do not monitor your personal computer and call you about viruses. They have no way to know your machine has a problem, and they don't reach out like this. A call or popup claiming otherwise is fake, every time.
- A real virus warning never tells you to call a phone number. Your actual security software handles threats quietly in the background; it doesn't demand you dial support.
- No legitimate support starts with "let me remote into your computer" out of the blue. Granting remote access to an unsolicited caller is the single worst thing you can do.
What to do instead
- For a scary popup: don't call the number. Close the browser. If the popup won't close, restart the computer. Nothing was actually infected — the page was the whole trick.
- For an unsolicited "support" call: hang up. If you're genuinely worried about your computer, contact your own IT person or provider using a number you already have.
- Never install remote-access software because a caller asked you to. If you did, disconnect from the internet, and have your real IT support check the machine and change passwords for anything it could reach.
- Tell your team these are scams in advance, especially anyone who'd feel responsible for a "broken" computer. Permission to hang up and ignore the popup is the protection.
The calm version of the truth — this isn't how real support works — beats the loudest popup.
Because these scams aim to reach whatever your computer can touch, the settings behind your accounts decide how bad a granted session gets. Tenant Strike reviews your Microsoft 365 and Azure configuration in read-only mode and shows where a compromised machine would do the most damage — accounts without enforced multi-factor authentication, overly broad access, sign-ins allowed from anywhere. It's a quick, plain-English read on what's actually exposed.
AI-researched from public sources. We label AI-assisted writing — see our trust page.
See your own risk
Want this for your own Microsoft cloud?
Tenant Strike runs 100+ read-only checks across Microsoft 365 and Azure and hands you a plain-English fix for every gap. Start a 7-day Pro trial — no credit card.