Physical Address

Lesya Kurbasa 7B
03194 Kyiv, Kyivska obl, Ukraine

Tech Support Scams: Common Types and Prevention

Tech support scams continue to be one of the most prevalent threats targeting average computer users. These scams trick victims into believing their computer has a serious problem, then convince them to pay for unnecessary “support services” or grant remote access to their devices. This comprehensive guide explains the common types of tech support scams, how to identify them, and steps to protect yourself.

Key Facts

Threat Name Tech Support Scams, Technical Support Fraud, Support Impersonation Scams
Type Social Engineering, Phone Fraud, Browser Scareware, Financial Fraud
First Detected 2008 (with significant evolution since)
Platforms Affected Windows 7, 8, 8.1, 10, 11, macOS, Android, iOS (less common)
Financial Impact $602 million reported losses in 2024 (USA only)
Primary Methods Phone calls (47%), Browser pop-ups (29%), Email (13%), Fake search results (11%)
Common Impersonated Companies Microsoft, Apple, Google, Norton, McAfee, Dell, HP, Amazon
Threat Level Medium to High (depends on user response)
Data Risk High – Financial fraud, identity theft, and potential malware infection
Tech Support Scam Methods (2025) Phone Calls 47% Browser Pop-ups 29% Email 13% Fake Search Results 11% 0% 10% 20% 30% 40% 50%

Source: Federal Trade Commission Consumer Sentinel Network, Data through March 2025

What Are Tech Support Scams?

Tech support scams are a form of social engineering where criminals impersonate legitimate technical support services to trick users into paying for unnecessary support services or providing remote access to their computers. Unlike actual malware such as Emotet or Wacatac, these scams rely primarily on manipulation rather than software exploits.

According to FBI Internet Crime Complaint Center (IC3) data, tech support scams have seen a 117% increase in reported incidents between 2022 and 2024, making them one of the fastest-growing types of consumer fraud. The average financial loss per victim is approximately $415, though cases involving elderly victims often result in much higher losses.

Interesting Facts About Tech Support Scams

  • The FTC reports that adults over 60 lose approximately 5 times more money to tech support scams than younger adults
  • Organized call centers dedicated entirely to tech support scams employ thousands of operators worldwide
  • In coordinated international operations, law enforcement has identified more than 140,000 victims of tech support scams
  • Many tech support scammers use legitimate remote access tools (TeamViewer, AnyDesk, SupRemo) that cannot be detected by security software
  • Call center operations supporting these scams may appear outwardly legitimate, with professional facilities and training programs

Common Types of Tech Support Scams

1. Phone Call Scams

In this approach, scammers cold-call potential victims claiming to be from well-known companies like Microsoft, Apple, or an internet service provider. They typically follow a scripted approach:

  • Claim they’ve detected viruses or problems on your computer
  • Use technical jargon to intimidate and confuse victims
  • Create a false sense of urgency about security threats
  • Request remote access to “diagnose” problems
  • Demand payment for unnecessary services

These callers often use spoofed phone numbers that appear to be from legitimate companies or local areas to increase trust. They may even have some basic information about you gathered from public sources to seem more legitimate.

2. Browser Pop-Up Scams

These scams display alarming pop-up messages while browsing the internet, claiming your computer is infected. A classic example is the Pornographic Virus Alert from Microsoft scam, which uses frightening messages about illegal content to motivate immediate action.

Common characteristics of these pop-ups include:

  • Messages that cannot be easily closed or that reappear
  • Fake Microsoft, Apple, or antivirus company branding
  • Countdown timers to create urgency
  • Claims of illegal activity detection or imminent data loss
  • Toll-free numbers to call for “immediate assistance”

When users call these numbers, they reach scam call centers where operators follow similar scripts to phone scammers, ultimately requesting remote access and payment.

3. Fake Error Message Scams

Similar to pop-ups but designed to look like genuine system error messages, these scams mimic Windows error dialogs, Blue Screens of Death, or system warnings. The “Error: Ox800VDS” Microsoft Defender Pop-up Scam is a perfect example where attackers create convincing replicas of legitimate error messages.

These fake errors typically:

  • Use official-looking logos and formatting
  • Display fake error codes that seem technical
  • Include fraudulent security warnings or virus detection alerts
  • Provide support numbers to call or websites to visit

4. Search Result Scams

In these more sophisticated attacks, scammers create websites designed to appear in search results when users look for technical support. When someone searches for help with a legitimate technical problem, they may be directed to a scammer’s website instead of official support.

These fake support sites often:

  • Rank highly in search results for common technical problems
  • Impersonate legitimate companies with similar logos and design
  • Offer immediate “live chat” or phone support
  • Include fake testimonials and credentials

5. Email-Based Tech Support Scams

These scams arrive via email claiming to be from technical support teams. They often notify users of supposed account issues, security problems, or required actions. Many include links to phishing websites or malware-laden attachments.

Similar to the fake “Server (IMAP) Session Authentication” emails, these messages use technical terminology and false urgency to compel action.

Create Fear Establish Authority Create Urgency Offer Solution Extract Payment Common Tech Support Scam Tactics

Source: CISA, Technical analysis of tech support scam methodologies, 2025

Technical Analysis of Tech Support Scams

Browser-Based Scam Implementations

The most common browser-based tech support scams employ various technical mechanisms to appear legitimate and create persistent experiences that are difficult to escape:

JavaScript Implementation Techniques

These scams typically utilize several JavaScript techniques to create persistent, difficult-to-close alerts:

// Common code pattern found in tech support pop-up scams
(function() {
    // Detect browser and OS for customized messaging
    var userAgent = navigator.userAgent;
    var browserName = "your browser";
    var osName = "your computer";
     
    if (userAgent.indexOf("Chrome") > -1) browserName = "Chrome";
    else if (userAgent.indexOf("Firefox") > -1) browserName = "Firefox";
    else if (userAgent.indexOf("Edge") > -1) browserName = "Edge";
     
    if (userAgent.indexOf("Windows") > -1) osName = "Windows PC";
    else if (userAgent.indexOf("Mac") > -1) osName = "Mac";
     
    // Create persistent alert with browser history manipulation
    function createPersistentAlert() {
        var message = "⚠️ CRITICAL ERROR ⚠️\n\n" +
            "Security threat detected on your " + osName + "!\n\n" +
            "YOUR PERSONAL DATA IS AT RISK!\n\n" +
            "Call Technical Support immediately at: 1-888-XXX-XXXX\n\n" +
            "Do not close this window or your system access will be disabled.";
         
        alert(message);
         
        // Push state to make back button return to alert
        history.pushState({}, "", location.href);
    }
     
    // Initial alert
    createPersistentAlert();
     
    // Re-trigger alert when user tries to navigate away
    window.onbeforeunload = function() {
        setTimeout(createPersistentAlert, 100);
        return "Your computer is still at risk! Call Support now!";
    };
     
    // Re-trigger when history changes (back button)
    window.addEventListener("popstate", createPersistentAlert);
     
    // Create full-screen overlay as backup
    var overlay = document.createElement("div");
    overlay.style.position = "fixed";
    overlay.style.top = "0";
    overlay.style.left = "0";
    overlay.style.width = "100%";
    overlay.style.height = "100%";
    overlay.style.backgroundColor = "#0078d7"; // Microsoft blue
    overlay.style.color = "white";
    overlay.style.zIndex = "99999";
    overlay.style.display = "flex";
    overlay.style.flexDirection = "column";
    overlay.style.justifyContent = "center";
    overlay.style.alignItems = "center";
    overlay.style.textAlign = "center";
    overlay.style.padding = "20px";
     
    var heading = document.createElement("h1");
    heading.innerText = "⚠️ CRITICAL SECURITY ALERT ⚠️";
     
    var content = document.createElement("p");
    content.style.fontSize = "18px";
    content.innerHTML = "Security threat detected on your " + osName + "!<br><br>" +
        "YOUR PERSONAL DATA IS AT RISK!<br><br>" +
        "Call Technical Support immediately at: <strong>1-888-XXX-XXXX</strong><br><br>" +
        "Do not close this window as your computer access will be suspended for security reasons.";
     
    overlay.appendChild(heading);
    overlay.appendChild(content);
     
    // Add to DOM after slight delay
    setTimeout(function() {
        document.body.appendChild(overlay);
    }, 500);
})();

Evasion Techniques

To avoid detection and maximize effectiveness, these scams implement various evasion techniques:

  • Short-lived domains that operate only for days or hours before moving
  • Geo-blocking to avoid showing the scam to users in certain locations
  • Redirecting to legitimate sites if accessed from security research IP ranges
  • Implementing CAPTCHA or other verification steps to evade automated scanning
  • Using URL shorteners to mask the actual destination in promotional materials
  • Implementing browser fingerprinting to target specific browser versions
  • Avoiding triggering the scam if developer tools are open or if the user is on a virtual machine

Browser Features Exploited

Tech support scams abuse legitimate browser features, including:

Browser Feature How It’s Exploited
alert(), confirm(), prompt() Dialogs Used to create dialogs that prevent browser usage until closed
History API history.pushState() used to prevent use of back button
onbeforeunload Event Creates warnings when trying to close tab/window
Web Notifications API Used to deliver alerts even after site is closed
Full-screen API Creates immersive scam experiences mimicking system interfaces
Service Workers More advanced scams use these for offline operation and persistence

Distribution Infrastructure

These scams typically operate through multi-layered infrastructure:

Layer Function Implementation
Traffic Sources Generate victim traffic Malvertising networks, compromised websites, SEO poisoning
Landing Pages Host initial redirect code Exploited WordPress sites, temporary domains with obfuscated content
TDS (Traffic Distribution System) Filter and redirect visitors Geolocation filtering, bot detection, session tracking to avoid repeated displays
Payload Delivery Serve the actual scam alert Dedicated scam domains with JavaScript payloads, various visual templates
Call Routing Manage incoming victim calls VOIP systems distributing calls to scam call centers based on availability

Network Indicators of Compromise

System administrators should watch for these network patterns that may indicate a user has encountered tech support scams:

# HTTP requests to URLs with suspicious patterns
/wp-content/plugins/*/redirect.php
/includes/*/popup.js
/wp-admin/admin-ajax.php with unusual POST data
/assets/js/alert-*.js
 
# Domains with characteristic patterns
*-microsoft-support.com
*-windows-security.com
*technical*support*.com
*-alert-security-*.com
*securebrowser*.com
*fix-pc-error*.com

How to Identify Tech Support Scams

Understanding the common red flags can help you avoid becoming a victim:

  • Unsolicited contact: Legitimate tech companies don’t proactively contact customers about device problems
  • Urgency and pressure: Scammers create false time pressure to prevent rational thinking
  • Requests for remote access: Never allow unknown parties to access your computer
  • Payment demands: Especially requests for gift cards, wire transfers, or cryptocurrency
  • Unprofessional communication: Poor grammar, spelling errors, or generic greetings
  • Threats or intimidation: Claims about illegal activity or severe consequences

What to Do If You Encounter a Tech Support Scam

For Phone Scams:

  • Hang up immediately
  • Block the number
  • Never call back suspicious numbers from pop-ups or emails

For Browser Pop-Ups:

  • Don’t click any buttons on the pop-up, even “Cancel” or “Close”
  • Use Task Manager (Ctrl+Shift+Esc) to force close the browser
  • On mobile devices, close the browser from the app switcher
  • If the pop-up persists, restart your device

Browser-Specific Escape Commands

Browser Force Close Method Alternative Method
Chrome Shift+Esc (Windows/Linux)
⌥+⌘+Esc (Mac)		 Use Task Manager to kill “chrome.exe”
Firefox Alt+F4 (Windows)
⌘+Q (Mac)		 Alt+F > Alt+F4 to bypass “save tabs” prompt
Edge Ctrl+Shift+Esc to open Task Manager Use “end task” on Microsoft Edge processes
Safari ⌥+⌘+Esc, select Safari ⌘+Q, ignore dialog boxes

If You’ve Already Responded to a Scam:

  • Disconnect from the internet immediately to prevent further access
  • Scan your computer for malware using legitimate security software
  • Change your passwords from a different, uncompromised device
  • Monitor your accounts for suspicious activity
  • Contact your bank if you shared financial information or made payments

How to Remove Tech Support Scam Malware

If your device has been compromised by a tech support scam, follow these steps to remove malware:

  1. Boot your computer in Safe Mode:
    # Windows 10/11
    1. Press Windows key + I to open Settings
    2. Go to Update & Security > Recovery
    3. Under Advanced startup, click "Restart now"
    4. When your PC restarts, select Troubleshoot > Advanced options > Startup Settings > Restart
    5. After your PC restarts, select option 4 or 5 for Safe Mode
     
    # macOS
    Hold the Shift key while starting up your Mac
  2. Use a reputable anti-malware program to scan your system
    • We recommend using Trojan Killer for comprehensive malware detection and removal
  3. Reset your browsers:
    # Chrome
    1. Open Chrome and enter chrome://settings in the address bar
    2. Scroll down and click "Advanced"
    3. Scroll to "Reset and clean up" section
    4. Click "Restore settings to their original defaults"
    5. Click "Reset settings" to confirm
     
    # Firefox
    1. Open Firefox and click on the hamburger menu (three lines)
    2. Click "Help" > "More Troubleshooting Information"
    3. Click "Refresh Firefox" button on the page that opens
    4. Confirm by clicking "Refresh Firefox" in the dialog
     
    # Edge
    1. Open Edge and enter edge://settings/resetProfileSettings in the address bar
    2. Click "Reset settings"
    3. Confirm by clicking "Reset" in the dialog
  4. Remove suspicious applications from your Control Panel
  5. Check for and remove suspicious scheduled tasks and startup items:
    # View scheduled tasks (Windows)
    schtasks /query /fo LIST /v
     
    # View startup items (Windows)
    wmic startup get caption,command
     
    # Disable a suspicious scheduled task
    schtasks /change /tn "TaskName" /disable
     
    # Check for persistence in registry
    reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run

For persistent browser notifications and pop-ups, you may need to follow specific browser cleanup procedures as detailed in our notification spam removal guide.

How to Report Tech Support Scams

Reporting these scams helps authorities identify and shut down scam operations:

When reporting, include as many details as possible: phone numbers, websites, company names used by scammers, and details about their tactics. This information helps authorities build stronger cases against scam operations.

Prevention Tips

  • Be skeptical of unsolicited communications claiming to be from tech support
  • Keep your software updated to reduce legitimate technical issues
  • Install reputable security software that includes browser protection
  • Never share remote access to your computer with unsolicited callers
  • Verify company contacts by looking up official numbers on company websites
  • Educate vulnerable family members about these scams, particularly older adults
  • Use an ad blocker to prevent malicious advertisements that can lead to scam sites
  • Be wary of sponsored search results when looking for technical support

For comprehensive protection against various browser-based threats that often deliver tech support scams, consider implementing the security measures described in our malware removal comprehensive guide.

Enhanced Browser Security Configurations

To better protect yourself from browser-based tech support scams, consider these advanced security configurations:

# Chrome: Enable Enhanced Safe Browsing
1. Go to chrome://settings/security
2. Select "Enhanced protection" under Safe Browsing
 
# Firefox: Configure Enhanced Tracking Protection
1. Go to Firefox menu > Settings > Privacy & Security
2. Set Enhanced Tracking Protection to "Strict"
 
# Edge: Enable Microsoft Defender SmartScreen
1. Go to edge://settings/privacy
2. Toggle on "Microsoft Defender SmartScreen"
 
# Safari: Enable Fraudulent Website Warning
1. Go to Safari > Preferences > Security
2. Check "Warn when visiting a fraudulent website"
Tech Support Scam Financial Impact by Age Group $0M $40M $80M $120M $160M $200M 18-29 $42M 30-39 $78M 40-49 $94M 50-59 $103M 60-69 $147M 70+ $178M

Source: Federal Trade Commission, 2024 Tech Support Scam Report

Frequently Asked Questions

How can I tell if a technical support call is legitimate or a scam?

Legitimate technical support calls are almost always initiated by you, not by the company reaching out to you unsolicited. Microsoft, Apple, Google, and other major technology companies do not proactively monitor individual computers for problems and then call users. If you receive an unexpected call claiming to be from technical support, it is almost certainly a scam. Legitimate support personnel will never ask for your password, request remote access without you initiating the support request, pressure you with urgent threats, or ask for payment through unusual methods like gift cards or cryptocurrency. If you’re uncertain about a call, hang up and contact the company directly using the official phone number from their website (not from the caller or a web search). Remember that legitimate technical support calls will usually reference specific support tickets or cases that you have previously opened, while scammers make vague references to “problems” they’ve detected.

What information can scammers access if I allow remote access to my computer?

When you allow scammers remote access to your computer, they gain nearly complete control of your system and can access virtually anything stored on it. This includes personal documents, photos, emails, saved passwords in browsers, banking information, tax documents, and any other sensitive files. They can also install persistent malware, keyloggers to capture future passwords, backdoors for continued access, and other malicious software. Additionally, they can observe your screen in real-time to see what you type (including passwords and credit card details), modify system files, disable security software, and even use your computer for illegal activities. Remote access tools like TeamViewer, AnyDesk, and SupRemo provide comprehensive control, allowing scammers to operate as if they were physically sitting at your computer. Even worse, many of these actions can happen in background windows or through methods invisible to you while they keep you distracted with their “support session” in a visible window. The potential damage from granting remote access is extensive and can lead to identity theft, financial fraud, and complete compromise of your digital life.

Are tech support scams only targeting Windows computers?

While Windows computers remain the primary target for tech support scams (accounting for approximately 70% of reported cases), these scams have expanded to target users of all major operating systems and devices. Mac users are increasingly targeted with specialized scams that reference Apple’s technical support and security systems. Mobile device users face similar scams through malicious apps, browser redirects, and calendar spam on both iOS and Android platforms. Even Linux users, though less frequently targeted, encounter tech support scams through browser-based attacks that are platform-agnostic. Scammers have adapted their scripts and technical approaches to accommodate various operating systems, making convincing references to platform-specific features and terminology. The underlying social engineering tactics remain consistent across platforms: creating fear, establishing false authority, manufacturing urgency, and extracting payment or access. No platform offers complete immunity from these scams, so users of all devices should remain vigilant and apply the same critical thinking regardless of their operating system.

How sophisticated are modern tech support scams?

Modern tech support scams have evolved significantly in sophistication, employing advanced technical and psychological techniques far beyond the crude pop-ups of earlier years. Technically, these scams now utilize complex JavaScript that can detect and evade security tools, fingerprint browsers to deliver targeted experiences, and employ geolocation filters to avoid detection by security researchers. Some advanced operations use compromised legitimate websites as distribution platforms, making them harder to block. Psychologically, scammers have refined their social engineering approaches based on extensive data about what triggers work best with different demographics. Their call center scripts have evolved through testing to maximize effectiveness, with trained operators who can convincingly impersonate technical professionals. Some operations even maintain professional-looking websites with HTTPS certificates, privacy policies, and complete corporate facades. The most sophisticated rings utilize multiple entities across different jurisdictions to process payments, route calls, and host content, making them difficult to shut down completely. These scams have effectively become a professional criminal industry with specialized roles, training programs, and continuous optimization based on success metrics.

What should I do if an elderly family member has been victimized by a tech support scam?

If an elderly family member has fallen victim to a tech support scam, take immediate action to limit damage and prevent further exploitation. First, disconnect their computer from the internet and ask exactly what occurred during the scam interaction, including what information was shared and what the scammers did on their computer. Help them contact their bank and credit card companies to report fraudulent charges and potentially freeze accounts if financial information was compromised. Change all passwords from a different, secure device, particularly for email, banking, and other sensitive accounts. Perform a complete scan of their computer with reputable security software, and consider professional assistance to ensure all malware and remote access tools have been removed. File reports with relevant authorities including the FBI’s Internet Crime Complaint Center (IC3.gov) and the FTC (ReportFraud.ftc.gov). Consider enabling fraud alerts or credit freezes with credit bureaus if personal information was exposed. Moving forward, help them set up more secure computing practices, including enabling two-factor authentication on important accounts and installing security software with real-time protection. Equally important is providing emotional support, as many victims experience shame or embarrassment after falling for these scams, which scammers may exploit in follow-up “refund” or “compensation” scams.

Conclusion

Tech support scams continue to evolve, but their core tactics remain consistent: creating fear, establishing false authority, manufacturing urgency, and extracting money from victims. By understanding these tactics and recognizing the warning signs, you can protect yourself and your loved ones from falling victim to these schemes.

Remember that legitimate tech companies never make unsolicited contact about computer problems, never demand immediate payment for support services, and never request remote access to your devices without you initiating the support request through official channels.

If you need help removing malware or dealing with legitimate computer issues, always use verified contact information from official company websites or consider trusted security tools like Trojan Killer that can help identify and remove both malware and potentially unwanted programs from your system.

Stay vigilant, stay informed, and remember: if something seems suspicious, it probably is.

Gridinsoft Team
Gridinsoft Team

Founded in 2003, GridinSoft LLC is a Kyiv, Ukraine-based cybersecurity company committed to safeguarding users from the ever-growing threats in the digital landscape. With over two decades of experience, we have earned a reputation as a trusted provider of innovative security solutions, protecting millions of users worldwide.

Articles: 139

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending now

Fake Elon Musk in the X Token Presale Scam
X Token Presale Scam: Crypto Investment Fraud
How to Remove Trojan Emotet
How to Remove Trojan Emotet: Complete Removal Guide
How to Remove Poshukach Browser Hijacker Complete Removal Guide
How to Remove Poshukach Browser Hijacker: Complete Removal Guide
How to Remove Trojan Dridex
How to Remove Trojan Dridex: Complete Removal Guide