The pop-up has the Microsoft logo and looks completely real. How can it be fake?

Web pages can display any image, logo, or text — including an exact replica of a Microsoft security warning. These pop-ups are web pages designed to look like system alerts. Your computer is not infected. Press Ctrl+Alt+Delete (Windows) or Command+Option+Escape (Mac), force-quit the browser, and restart your device.

I gave them remote access but didn't pay. Am I safe?

Not necessarily. With remote access, scammers can search your files, view saved passwords in your browser, screenshot financial accounts, and install monitoring software. Run a full antivirus scan, change all passwords from a separate device, and contact your bank to monitor for unauthorized activity.

How do I report a tech support scam?

Report to the FTC at ReportFraud.ftc.gov and to the FBI at IC3.gov. If you lost money, also contact your bank immediately. The FTC uses complaint data to identify and pursue fraud operations — every report helps.

Tech Support Scams 2026: Guide for Seniors

Q: What is the Phantom Hacker scam?

The Phantom Hacker is a three-stage escalation warned about by the FBI. A tech support scammer gains remote access first. Then a second scammer calls posing as your bank's fraud department, claiming your accounts are compromised. Finally a third impersonates a government agent (FTC or FBI) instructing you to move money to a 'government account' for safekeeping. The FBI documented this variant specifically because it produces extremely large individual losses.

The One Rule That Stops Every Tech Support Scam

Legitimate technology companies — Microsoft, Apple, Google, your internet provider — will never contact you unsolicited to tell you there is a problem with your device. If a pop-up, phone call, email, or text tells you your computer has a virus and provides a number to call, it is a scam. Close the browser. Restart your computer. Do not call the number.

What is a tech support scam?

Tech support scams are fraudulent schemes in which criminals impersonate technology companies — most commonly Microsoft and Apple — to gain remote access to your computer or extract payment for fictional problems. Contact arrives via fake browser pop-ups, unsolicited phone calls, or alarming emails. Americans 50 and older filed over 47,900 tech support scam complaints with the FBI in 2025, with losses exceeding $1.04 billion for that age group alone (FBI IC3 2025). The single most effective defense: no legitimate technology company will ever contact you unsolicited about a problem with your device.

How Tech Support Scams Work

Tech support scams are designed to exploit one fear most computer users share: the worry that something has gone seriously wrong with their device. Scammers trigger that fear deliberately and then insert themselves as the solution. The formula has three entry points, all leading to the same destination — remote access to your computer.

Entry Point 1: The Screen Pop-Up (Most Common)

You are browsing normally when your screen suddenly fills with a warning. It looks like an official Microsoft or Apple security alert — the right colours, the right logo, urgent language about viruses or compromised accounts. An alarm sound may play. The browser may expand to full screen, hiding the close button. A phone number is prominently displayed with instructions to call immediately.

These pop-ups are not system warnings. They are web pages designed to look like system warnings. Your computer is not infected. The alarm and the full-screen mode are deliberate tactics to prevent you from closing the browser calmly. To close a frozen browser: press Ctrl+Alt+Delete (Windows) or Command+Option+Escape (Mac), select the browser, and force-quit it. Then restart your device. The "warning" will be gone.

Real Pop-Up Text — Documented by the FTC "WINDOWS DEFENDER ALERT — Your computer has been blocked. Call Microsoft Support immediately at 1-888-XXX-XXXX. Do not restart your computer. If you close this page your computer access will be disabled to prevent further damage to our network. Error Code: 0x80072ee7. Windows Security Essentials — Your system is infected with (3) viruses! Call Toll Free: 1-888-XXX-XXXX"

Entry Point 2: The Unsolicited Phone Call

A caller — often with a slight accent — identifies themselves as a Microsoft, Apple, Dell, or Comcast technician. They say their systems have detected a problem with your computer and they're calling to help. They sound professional and knowledgeable. They may know your name or your general location.

Microsoft receives approximately 12,000 complaints about this impersonation every month worldwide. Microsoft, Apple, and your internet provider do not monitor your personal computer and will never call you unsolicited about a virus or security problem. This call is always a scam. Hang up.

Entry Point 3: The Phishing Email or Online Ad

An email appears to be from a security company — sometimes with a fake invoice for software you didn't purchase — with a phone number to call if you didn't authorise the charge. The goal is the same: get you on the phone, then onto your computer. Google ads have also been used to place fake tech support numbers at the top of search results when people search for real company support lines.

What Scammers Actually Say — Documented Scripts

The following language is drawn from FTC case documentation and Microsoft's own impersonation reports. These exact phrases appear across hundreds of documented tech support scam interactions.

Pop-Up Alert Text — Documented by the FTC "WINDOWS DEFENDER SECURITY WARNING — Your computer has been blocked. Call Microsoft Support immediately: 1-888-XXX-XXXX. Do not restart your computer. Closing this window will disable your computer access to prevent further damage to our network. Error Code: 0x80072ee7"

Opening Phone Script — Unsolicited Call Variant "Hello, this is [name] calling from Microsoft's Security Division. Our systems have detected unusual activity originating from your computer — IP address [real-sounding number]. We're reaching out to help you resolve this before it becomes a serious problem. Are you at your computer right now?"

Remote Access Request Script "I'm going to need you to download a small program so I can connect to your system and show you exactly what we're seeing on our end. It's completely free — it's called AnyDesk / TeamViewer. Once I can see your screen, I can show you the infected files and walk you through the cleanup." [Then opens Windows Event Viewer] "Do you see all these red and yellow warnings? Each one of these is an active intrusion attempt. This is very serious."

Payment Demand Script "The cleanup service is $299 for a one-time deep scan and removal. We accept gift cards — Google Play and iTunes work best because they process instantly. Once you have the card, just read me the numbers on the back. Do not tell the store clerk what the cards are for — they're trained to flag fraud and it might delay your service."

Phantom Hacker — Bank Impersonation (Stage 2) "This is [name] from the Fraud Prevention Department at [your bank]. We've detected that your account has been accessed by the same hacker who was in your computer. To protect your funds, we need you to move your money to a temporary secure holding account that only you can access. I'll give you the account number now."

The escalation pattern is consistent: pop-up or call → gain trust with technical language → request remote access → manufacture visible "evidence" → demand payment via gift card or wire. At the Phantom Hacker stage, a second and third caller reinforce the fiction. If any of these phrases appear in an unsolicited call or pop-up, hang up or close the browser immediately.

What Happens When You Call

Once on the phone, the scammer guides you through installing legitimate remote access software — tools like AnyDesk, TeamViewer, or UltraViewer that are used by real IT professionals. Once they have remote access, everything visible on your screen is visible to them, and they can control your mouse and keyboard.

They will typically open Windows Event Viewer — a real system tool that always contains thousands of routine warnings and errors — and present these normal log entries as evidence of serious infection. They may also open the Command Prompt and run legitimate commands that display technical output, which they misrepresent as proof of problems.

From here, two things happen:

Payment for fake services. They demand $200–$500 to "clean" your computer. They may ask for gift cards, wire transfer, or even remote into your banking app to "show you" how to pay — while actually accessing your accounts.
Silent data theft. While distracting you with their "repairs," they quietly search your files for passwords, financial documents, or banking login credentials saved in your browser. Even if you never pay, they may have captured enough to access your accounts later.

The Phantom Hacker Upgrade

The FBI has specifically warned about an escalated version called the "Phantom Hacker" scam, which layers three stages of impersonation:

Tech support call — scammer poses as Microsoft or Apple, gains remote access, claims to find a hacker in your accounts
Bank impersonation — a second scammer calls posing as your bank's fraud department, says your account is compromised, instructs you to move money to a "safe" account
Government impersonation — a third scammer poses as the FTC, FBI, or Treasury Department, adds false legitimacy and may instruct victims to convert savings to gold or cryptocurrency for a courier to collect

Victims of this three-stage scam have lost their entire retirement savings. No government agency will ever ask you to move, protect, or convert your money. If anyone in any stage of this sequence instructs you to withdraw cash, buy gift cards, or send a wire transfer — it is a scam at every stage.

If You've Given Remote Access — Even Without Paying

Treat it as a serious security incident. Change every password immediately — start with email and banking — from a different device. Run a full antivirus scan. Check your bank and credit card statements for unauthorised charges. Monitor your credit report. The scammer may have installed software that gives them continued access even after you ended the call.

Warning Signs

Unsolicited contact of any kind — real tech companies don't call, email, or pop up to tell you there's a problem unless you initiated contact
Any request for remote access to your computer — this is the central mechanism of every tech support scam
Alarm sounds or full-screen browser pop-ups with phone numbers — press and hold the power button to shut down if you can't close the browser normally
Demands for payment via gift cards, wire transfer, or cryptocurrency — legitimate IT services accept credit cards and provide receipts
Instructions to open Event Viewer, Command Prompt, or other tools — and claims that normal entries represent viruses or hacking
Being transferred to a "bank" or "government" representative — this escalation is the Phantom Hacker pattern

What To Do If You've Been Scammed

Disconnect from the internet immediately if the scammer may still have remote access — unplug the ethernet cable or turn off Wi-Fi.
Change all passwords from a separate device — especially email, banking, and any accounts with saved passwords in your browser.
Contact your bank immediately if you made any payment or gave them access to banking apps. Ask about reversing transactions and flagging your account.
Run a full security scan using legitimate antivirus software. If you're unsure, take the device to a local computer repair shop or Best Buy Geek Squad for a professional check.
Report to the FTC at ReportFraud.ftc.gov and the FBI at IC3.gov. Also report directly to Microsoft at microsoft.com/reportascam or Apple at apple.com/feedback.
Place a fraud alert on your credit reports if any personal information was visible on screen during the session.

Protecting Yourself

Write this rule on a sticky note and put it near your computer: "No real company will ever call me about a problem with my computer."
Install a reputable ad blocker (uBlock Origin is free) — many malicious pop-ups are delivered through online advertising
Keep your operating system and browser updated — updates patch vulnerabilities that some scam pop-ups exploit
Use a password manager so passwords are not saved visibly in your browser where remote access could expose them
Tell family members about this scam — awareness is the most protective factor

Frequently Asked Questions

Web pages can display any image, logo, colour scheme, or text — including an exact replica of a Microsoft security warning. These pop-ups are not system alerts; they are web pages. Your computer is not infected. Press Ctrl+Alt+Delete (Windows) or Command+Option+Escape (Mac), force-quit the browser, and restart your device. The warning will be gone.

No. Windows Event Viewer always contains thousands of warnings and errors — this is completely normal on every Windows computer. Scammers use this tool deliberately because it reliably shows alarming-looking entries that they can point to as "evidence." The errors were there before they called and will be there after.

Not necessarily. With remote access, scammers can search your files, view saved passwords stored in your browser, screenshot financial accounts, and install monitoring software that persists after the session ends. Run a full antivirus scan, change all passwords from a separate device, and contact your bank to place alerts on your accounts.

Act immediately — call the gift card retailer's fraud line and report what happened. If the cards haven't been drained yet, the retailer may be able to freeze them. Report to the FTC at ReportFraud.ftc.gov. Recovery is difficult but faster action gives you a better chance.

The Phantom Hacker is a three-stage escalation the FBI has specifically warned about. First, a tech support scammer gains remote access to your computer. Then a second scammer calls posing as your bank's fraud department, claiming your accounts are compromised. Finally a third impersonates a government agent — FTC or FBI — instructing you to move money to a "government account" for safekeeping. No such account exists. This variant produces extremely large individual losses because of the government impersonation layer.

Report to the FTC at ReportFraud.ftc.gov and to the FBI at IC3.gov. If you lost money, contact your bank immediately. Reports to both agencies are used to build cases — filing a report is one of the most useful things a victim can do even when individual recovery is unlikely.

A Real Case — What Actually Happened

Source: U.S. Attorney's Office, Western District of Michigan · August 16, 2024 · DOJ Press Release · Sentencing — established fact

A victim in West Michigan was browsing online when a pop-up filled their screen with an official-looking Microsoft security alert, complete with an alarm sound and a phone number to call. When they called, they reached a scammer based in India posing as a Microsoft technician who convinced them to install remote access software. From there the scam escalated through multiple ruses — at different points the same victim was told their bank account was compromised and they needed to withdraw cash for safekeeping, that they had been identified in a criminal investigation, and that federal agents would protect their money. Jayesh Panchal and co-conspirators made six in-person trips to Lake County, Michigan to collect cash from this single victim.

Amount lost (one victim)$398,000

Total scheme losses$11 million+

How contact was madeBrowser pop-up with phone number

Outcome78 months federal prison (Panchal); 63 months (Shetty). August 2024.

U.S. District Judge Jane M. Beckering called it a "horrific" scheme that "preyed upon some of our most vulnerable citizens, the elderly."

Tech Support Scams — 2025 Data

Metric	Figure	Source
Total losses reported (all ages)	$2.1 billion	FBI IC3 2025
Losses reported (adults 60+)	$1.04 billion	FBI IC3 2025
Complaints filed (adults 60+)	47,900+	FBI IC3 2025
Average loss per victim (60+)	~$10,250	FBI IC3 2025
Most common initial contact	Pop-up / web browser	FTC 2025
Most common payment method	Gift cards, wire transfer, gold bars	FBI IC3 2025

Figures from the FBI IC3 2025 Annual Report and FTC Consumer Sentinel 2025. Loss figures are self-reported and underestimate actual totals.

Sources Used on This Page

FBI IC3 2025 Annual Report

Loss figures, complaint volumes, victim age data. Published 2025.

FTC Consumer Sentinel Network Data Book 2025

Complaint volumes, demographic breakdowns, contact method data.

FTC — How to Avoid Tech Support Scams

Official FTC description, warning signs, pop-up text examples.

DOJ — Two Defendants Sentenced for "Horrific" Fraud Scheme (August 2024)

Real case study, judge's quotes, scheme mechanics. Sentencing complete — established fact.

Microsoft — Global Tech Support Scam Research

Used for: 12,000 monthly complaints about Microsoft impersonation worldwide. Microsoft's own research on impersonation volume.

All statistics drawn from primary government sources. This page is reviewed on an ongoing basis as new data becomes available.

Last updated: April 2026

The Pop-Up Says Your Computer Has a Virus. It Doesn't.