A full-screen browser alert fills your screen with Windows or Apple branding, a loud alarm, and an urgent warning that your computer has been infected with a virus. A phone number is displayed. Do not call it. Microsoft and Apple never communicate through browser pop-ups, and the alert is not real — but the financial damage from calling the number is.
The tech support pop-up scam is a browser-based fraud that uses fear of a computer virus to trick users into calling a fake support line. A malicious webpage — triggered by a compromised ad, a deceptive link, or a malicious browser extension — displays a full-screen alert mimicking Microsoft’s or Apple’s real interface design, complete with their logo, error code formatting, and color scheme.
The alert claims your computer has been infected with a dangerous virus, that your files and financial data are at risk, and that you must call the displayed number immediately. Some versions include audio alarms that cannot be muted, a countdown timer, or text claiming that closing the window will cause permanent data loss. These elements are psychological pressure tools — none of them reflect real operating system behavior.
The FTC reports that tech support fraud cost Americans over $924 million in a single recent year, with a median loss per victim of approximately $500. Adults over 60 represent the majority of reported losses, though the scam targets all ages — because it exploits fear rather than technical naivety. Scam operations purchase consumer data including age, contact details, and browsing behaviour from data broker databases to identify the most responsive demographics. You can check how much of your personal information is currently listed on data broker sites using our free tool.
The pop-up is delivered through a malicious webpage. You may land on it by clicking a deceptive ad on a legitimate site, visiting a compromised website, following a link in a phishing email, or having a malicious browser extension installed. The page is coded to immediately trigger full-screen mode and disable standard browser controls — making it appear your entire system is locked, when in reality it is only your browser tab.
The page is a pixel-perfect replica of a Microsoft Windows or Apple macOS security alert — using the real company’s logo, fonts, colors, and error code format. It displays alarming language: “Your computer has been blocked,” “Spyware detected,” or “Your files are at risk of deletion.” A phone number — labeled as Microsoft Support, Apple Care, or a similar official-sounding name — is prominently displayed. Audio alarms play on a loop and may be impossible to mute through normal controls.
When the victim calls the number, a “technician” answers with a professional greeting. They ask for remote access to the computer using legitimate tools like AnyDesk, TeamViewer, or Quick Assist. Once connected, they navigate around the system to find things that “confirm” the infection — legitimate Windows system logs containing normal error entries, or benign processes they label as malicious. The performance is convincing to anyone without technical background.
After “diagnosing” the fabricated problem, the technician quotes a fee — typically $200 to $1,000 — for a security service, a support plan, or virus removal. Payment is requested by gift card, wire transfer, or credit card. Meanwhile, the remote access session may be used to access saved passwords, banking login pages, stored financial documents, or to install actual malware that enables future access. Victims paying for “removal” may be getting malware installed.
Victims of tech support scams are frequently targeted a second time by the same or affiliated operations. A caller claims to be from the tech company, apologizing for overcharging — they need to process a refund of $300 to your account. They request remote access again to “send the refund,” then instruct you to log into your bank account while they watch. They alter the display to show an inflated refund, then demand you return the excess — a second theft layered onto the first.
Windows: Press Ctrl + Shift + Esc → find your browser → click End Task. Mac: Press Command + Option + Esc → select your browser → Force Quit. If the pop-up reappears on relaunch: open your browser’s history settings and clear cached data before reopening. Do not click anywhere on the pop-up itself — even the X button can be coded to trigger a download or a call. Your computer is almost certainly fine. The alert exists only in your browser.
Once connected via remote access software, tech support scammers follow a rehearsed script for producing convincing “evidence” of infection. The most common technique involves opening Windows Event Viewer, which displays normal system log entries — routine warnings and errors that appear on every Windows installation. To a non-technical user, a list of “Critical” and “Error” entries looks alarming. The scammer narrates these as symptoms of serious malware to justify their fee.
The irony of the tech support scam is that a device that was perfectly clean when the pop-up appeared may not be clean after the remote session. Some operations install keyloggers, remote access backdoors, or credential-stealing software during the “repair” session. This enables ongoing unauthorized access to banking, email, and other accounts long after the call ends — turning a one-time payment scam into a persistent identity theft operation.
AnyDesk, TeamViewer, and Quick Assist are legitimate, widely-used remote support tools. They are not malware. The danger is not in the tool — it is in who has the other end of the connection. Only grant remote access to someone you contacted through an official channel you initiated, for a pre-existing support relationship. Never grant access to someone who reached out to you through a pop-up, a cold call, or an unsolicited message.
Also worth doing: remove your contact details from data broker sites so scam call operations have a harder time targeting you.
See the identity theft protection services we recommend →Independent reviews. Tested with our own information. No fluff.
