What is a Tech Support Scam?

Last reviewed by Moderation API

A tech support scam is a fraud in which criminals impersonate well-known software or hardware vendors, most often Microsoft, Apple, or antivirus brands like Norton and McAfee, to convince a victim that their computer is infected or compromised. From there, they charge for fake repairs, sell worthless "protection plans," or install remote access tools used to drain bank accounts.

Unlike opportunistic malware, tech support fraud is a confidence scheme. The weapon is the victim's trust in a recognizable logo and a calm voice on the phone.

Older adults are disproportionately targeted, and according to the FBI Internet Crime Complaint Center (IC3), tech support fraud has consistently ranked among the top three crimes by loss for victims over 60, with annual reported losses well into the hundreds of millions of dollars.

How the attack unfolds

Most tech support scams begin with one of three entry points. The first is a browser pop-up, a full-screen "virus warning" that locks the tab, plays a loud alarm, and displays a toll-free number claiming to be Microsoft or Apple support. The second is a cold call, where a scammer claims "our servers detected malware on your network" and pressures the victim to visit a remote-control website. The third, and increasingly common, is search-ad poisoning: criminals buy sponsored listings for queries like "Apple support number" or "QuickBooks help," placing scam numbers above legitimate results.

Once the victim calls, the scammer walks them through opening Event Viewer or netstat, points to harmless warnings as "proof" of infection, and insists the only fix is immediate paid cleanup.

The remote access escalation

The defining move of a modern tech support scam is convincing the victim to install remote access software, typically AnyDesk, TeamViewer, ScreenConnect, or UltraViewer. Once connected, the attacker controls the victim's screen, fabricates evidence of "Russian hackers" or "child pornography on your IP," and either charges hundreds to thousands of dollars for a fake fix or escalates straight into bank fraud. In the most damaging variant, the scammer opens the victim's online banking, stages a fake "accidental overpayment," and coaches the victim to wire money, buy gift cards, or ship cash to a money mule to "return the excess." A secondary refund scam often follows months later: the same ring calls back claiming the original company is closing and owes a refund, only to steal more.

Enforcement and the criminal supply chain

The industrial center of tech support fraud has long been call centers in India.

Enforcement has followed. The US Department of Justice and the FTC have run multi-year campaigns including Operation Shield and Operation Stolen Promise, alongside coordinated raids by India's Central Bureau of Investigation on call centers in Noida, Gurugram, and Kolkata. Microsoft's Digital Crimes Unit has taken civil action against fraudulent pop-up networks, and the FTC's Consumer Sentinel data continues to list tech support scams as a leading fraud category reported by older adults. AARP's Fraud Watch Network has become one of the most visible public resources, publishing victim stories and running a free helpline.

Detection and defense

Effective defense is layered. On the endpoint, modern browsers block known scam domains via Google Safe Browsing and Microsoft SmartScreen, Windows Defender increasingly flags unexpected remote-access installers, and ad networks have tightened verification for support-related keywords. At the platform level, marketplaces, forums, and ad systems can scan for scam phone numbers, look-alike brand names, and suspicious remote-tool download links in user-generated content. This is the kind of signal-based content review that services like Moderation API are designed to surface.
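One way a platform could combine the three signals named above (scam phone numbers, look-alike brand names, remote-tool mentions) into a review decision. This is an added example, not Moderation API's code; the look-alike map, weights, threshold of 4, and sample posts are assumptions constructed for illustration.

```python
import re
import unicodedata

# Brand and remote-tool names are the ones this page lists.
BRANDS = ("microsoft", "apple", "norton", "mcafee")
REMOTE_TOOLS = ("anydesk", "teamviewer", "screenconnect", "ultraviewer")
# Constructed, non-exhaustive confusables map: digits and Cyrillic look-alikes fold
# to one ASCII letter; i/l/1 all collapse to "i" so "App1e" still matches "apple".
FOLD = str.maketrans("013l\u0430\u0435\u043e\u0440\u0441\u0456", "oieiaeopci")
# North American toll-free prefixes with loose separators between digit groups.
TOLL_FREE = re.compile(
    r"(?<!\d)(?:\+?1[\s.\-]*)?\(?(8(?:00|33|44|55|66|77|88))\)?[\s.\-]*(\d{3})[\s.\-]*(\d{4})(?!\d)")


def skeleton(token: str) -> str:
    """Fold a token to a comparison form: strip accents, lowercase, map look-alikes."""
    decomposed = unicodedata.normalize("NFKD", token)
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return stripped.lower().translate(FOLD)


BRAND_SKELETONS = {skeleton(b): b for b in BRANDS}


def scan(text: str) -> dict:
    """Return the signals found in one piece of user-generated content."""
    phones = ["".join(m.groups()) for m in TOLL_FREE.finditer(text)]
    brands, lookalikes, tools = set(), set(), set()
    for token in re.findall(r"[^\W_]+", text):
        brand = BRAND_SKELETONS.get(skeleton(token))
        if brand:
            # A token that matches only after folding is a look-alike spelling.
            (brands if token.lower() == brand else lookalikes).add(brand)
        if token.lower() in REMOTE_TOOLS:
            tools.add(token.lower())
    named = bool(brands or lookalikes)
    # Assumed weights: a phone number or tool name alone is common in honest posts,
    # so those signals only count when the post also references a vendor brand.
    score = (2 * bool(lookalikes) + bool(brands)
             + 2 * bool(phones and named) + 2 * bool(tools and named))
    return {"phones": phones, "brands": sorted(brands), "lookalikes": sorted(lookalikes),
            "tools": sorted(tools), "score": score, "review": score >= 4}


if __name__ == "__main__":
    # Constructed sample posts; the phone numbers use the fictional 555-01xx range.
    for post in ("Your PC is infected! Call Micr0soft at 1 (888) 555-0147 and install AnyDesk",
                 "TeamViewer keeps disconnecting on my Apple laptop, any tips?"):
        print(scan(post))
```

Posts that name a real brand plus only one other signal score 3 and are not queued here; comparing the extracted number against the vendor's published support numbers is a natural next signal.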

For individuals, the strongest protections are simple: never call a number shown in a pop-up, never install remote software at the request of an inbound caller, and verify any "Microsoft" or "Apple" contact through the official app or website.
