Tech support popup scam

A browser popup, sometimes accompanied by a loud audio warning, claims your computer is infected with viruses, your accounts are compromised, or your IP has been blocked. It urges you to call a phone number for "Microsoft Support," "Apple Support," or a "Windows Defender Hotline." The number connects to a scam call center.

The "agent" walks you through installing remote-access software (AnyDesk, TeamViewer, LogMeIn). Once they have access, they:

1. Show you scary-looking system logs (Event Viewer entries, normal but unfamiliar to laypeople) as "proof" of infection.
2. Open your bank account, "show" you a fake fraudulent transfer in progress.
3. Convince you to wire / Zelle / buy gift cards to "protect" the funds while they "fix" the computer.
4. Sometimes plant actual malware to maintain access after the call.

Older adults are heavily targeted. Individual losses can reach hundreds of thousands of dollars.

"** WARNING — YOUR COMPUTER HAS BEEN BLOCKED ** Your IP address has been suspended due to suspicious activity. Microsoft has detected a serious infection that may compromise your bank accounts. DO NOT close this window. Call Microsoft Support immediately: 1-855-XXX-XXXX. Error code: 0x80070643"

Often combined with looping audio and a screen overlay that prevents closing the browser. The browser is not actually compromised — these are scripted webpages that try to lock the UI.

• Browser popup claims to be from Microsoft, Apple, or Norton with an "error code" and a phone number.
• Loud beeping or voice "warning."
• Screen "locks" but Task Manager / Activity Monitor can close it.
• The phone number is not the company's real published support number.
• "Support agent" asks you to install AnyDesk, TeamViewer, or Quick Assist.
• "Agent" wants to walk through your bank account "to verify safety."
• "Agent" tells you to keep the call secret from family.
• They direct you to buy gift cards or move funds while they remain on the line.

• Microsoft / Apple support. Most common. Brand-impersonation popups.
• Norton / McAfee renewal scam. "Your antivirus auto-renewed for $499. Call to cancel." Same playbook.
• Geek Squad invoice scam. "Your Geek Squad subscription renewed for $399. Click here to dispute."
• Bank fraud-alert popup. Hybrid — popup claims your bank account is compromised.
• Refund overpayment. Agent "accidentally" refunds you $5,000 (it's just a number change in their fake screen) and asks you to wire it back.
• Crypto wallet popup. Claims your wallet is compromised; "support" connects to a smart contract that drains funds.

1. Close the popup. Most can be closed via Task Manager (Windows) or Force Quit (Mac). If the browser truly is locked, restart the computer — your data is fine.
2. No legitimate tech company contacts you via browser popup with a phone number. Microsoft, Apple, and others publish support phone numbers on their websites only.
3. Don't call the number on the popup. If you're worried about your computer, run a real antivirus scan or take it to a local repair shop.
4. Apple Support: 1-800-275-2273. Microsoft Support: 1-800-642-7676. These are the real numbers, available on their official sites.
5. If you're already on the phone: hang up. Do not install any software. Do not give access to any account.

• Disconnect the computer from the internet immediately (unplug Ethernet, turn off WiFi).
• Power off the computer. Treat it as compromised.
• From a different device, change passwords for email, bank, and any account you accessed during the call.
• Call your bank from a different phone. Tell them what happened. Ask them to lock your accounts.
• If money was sent, call your bank to attempt a wire recall. Time matters.
• Run a full malware scan with Microsoft Defender / Malwarebytes or take the computer to a professional. The scammer may have installed a backdoor.
• Consider a clean OS reinstall if you can't verify the system is clean.
• Report to the FTC, IC3, and your local police.
• Tell a trusted family member. Don't isolate — scammers re-target victims.

• Do not call the number in a browser popup.
• Do not install AnyDesk, TeamViewer, or any "verification" software at the request of a "support agent."
• Do not share your bank login, give the agent control of your mouse, or read 2FA codes over the phone.
• Do not buy gift cards to "secure" your accounts. No real bank or tech company asks for that.
• Do not keep the situation secret because the "agent" asks you to.

• FTC: reportfraud.ftc.gov — the broadest US fraud intake; reports flow to thousands of law-enforcement agencies.
• FBI IC3: ic3.gov — the right destination when the scam is internet-enabled (phishing, BEC, romance, crypto).
• CFPB: consumerfinance.gov/complaint — for complaints about banks, money transmitters, payment apps, credit cards, debt collection.
• IdentityTheft.gov — if any identity information (SSN, driver's license, account credentials) was shared.
• Your bank or payment platform. Call the number on the back of your card or use the app's in-product help. Time matters — wires can sometimes be recalled within hours; ACH and Zelle are harder but worth trying.

The popup had Microsoft's logo. Doesn't that mean it's real? No. Logos are trivial to copy. Microsoft never contacts users through browser popups with phone numbers.

The "agent" showed me a list of viruses on my computer. Aren't those real? Almost certainly no. They're showing you the Windows Event Viewer — a normal log of system activity that everyone has. Lots of "errors" appear there in normal use, but they don't mean infection.

Can my older parent still use the computer if they fell for this? Yes, but only after the device is cleaned (ideally reinstalled), passwords are reset, and a known-good antivirus is installed. Consider setting up family safe words and helping them install browser ad-blocking — many popups come from malicious ads.

What about LogMeIn or AnyDesk being on the computer afterward? Remove them. Both are legitimate tools used legitimately by some IT professionals, but if you didn't install them yourself for a known reason, uninstall and reset the account passwords.