The fake tech support scam: Microsoft, Apple and your provider

You get a call with a foreign accent, or a pop-up window opens with a phone number and an alarming warning: your computer is infected. Whoever is on the other end claims to be from Microsoft, from Apple or from your phone provider, and promises to fix it in five minutes. It is one of the most widespread scams of the past decade, and it works because it combines fear, urgency and the authority of a brand you trust.

The script: how they hook you

The fake tech support scam has a very recognisable pattern once you know how to spot it. It usually starts in one of these ways:

• A pop-up window that locks up the browser, often with alarm sounds, a Windows or antivirus logo and a message along the lines of "Your device has been infected, do not switch it off and call 900 XXX XXX". The number is the trap.
• A direct call in which the person introduces themselves as a Microsoft technician, Apple support, or the security department of your phone company or your bank.
• An email or text message warning you of "suspicious activity" and inviting you to call a helpline number.

From there the pitch is always the same. They tell you they have detected a virus, a hacker or an "expired licence", they create a sense of urgency ("if we don't act now you'll lose your data") and they offer to fix it remotely. Everything is designed to stop you from pausing to think. It is a variant of vishing, the phone fraud that uses the voice to win your trust.

What they are really after

The supposed technician never wants to fix anything. Their goal is one of these, or several at once:

• To get you to install remote control software such as AnyDesk, TeamViewer, QuickAssist or similar. These are legitimate programs, but in their hands they hand over total control of your machine: they see your screen, move the cursor and open your files.
• To access your online banking. Once inside the computer, they ask you to log into your account "to check a charge" or "to process a refund". In reality they are setting up a transfer.
• To charge you for the fake service, usually with inflated figures, and sometimes to pretend they made a mistake when refunding you so that you "give back the difference".
• To get you to pay with gift cards from Google Play, Apple, Amazon or the like. They ask you to buy them and read out the codes. No real company charges for its support this way: it is the clearest sign of fraud.
• To steal passwords and personal data which they then use to impersonate you or sell on.

Clear signs that it is a scam

The underlying rule is simple: Microsoft, Apple and your provider do not call like this. These companies do not monitor your personal computer, nor do they phone you because you have a virus. Always be wary when these situations arise:

• A pop-up window gives you a phone number to call. Legitimate support does not work through alerts that hijack the browser.
• They contact you without you having opened any support case.
• There is a rush, threats or a tone of "we have to act right now".
• They ask you to install a program so they can "see" your machine.
• Payment is by gift cards, cryptocurrencies or an immediate transfer.
• They ask for passwords, verification codes that arrive by text message, or your full banking details.

Any one of these points, on its own, is enough to hang up. If you have doubts about who is behind a number, you can check how to find out who is calling you before returning any call.

The golden rule

If someone calls you or an alert tells you that your computer is in danger: hang up or close the browser. Never install software or grant remote control to whoever contacted you. If you are genuinely worried about the state of your machine, be the one who finds the contact: go to the manufacturer's official website by typing the address out by hand, or use the number on your contract or on the back of your bank card. Never the number that appears in the pop-up window or the one dictated to you by the person calling.

For general situations, go over our guide on what to do about a suspicious call: always applying the same steps protects you even when the scam disguises itself as something new.

What to do if you have already given them access

Falling for it does not mean all is lost. Act quickly and in this order:

1. Disconnect the machine from the internet. Turn off the Wi-Fi or unplug the network cable to cut off the remote control straight away.
2. Uninstall the remote access program they had you install (AnyDesk, TeamViewer, etc.) and run a full scan with an up-to-date antivirus. If you don't feel up to it, take the machine to a trusted technician.
3. Change your passwords from another clean device (your phone, for example): first your email and online banking ones, then the rest. Enable two-step verification wherever possible.
4. Alert your bank as soon as possible if you logged into your account, gave card details or notice unusual activity. Ask them to block cards and review recent transactions; the sooner you report it, the easier it is to reverse charges.
5. Check whether you paid with gift cards and report it to the issuer (Apple, Google, Amazon); in some cases they can cancel them if they have not yet been redeemed.
6. Report the incident to the Police or the Guardia Civil. The report is necessary for any later claim and helps to pursue those responsible.

Don't feel ashamed: these networks are professional and highly persuasive. What matters is reacting in time.

Help stop the next call

Every number that gets reported helps to warn the next person who receives the same call. If you have been targeted by one of these scams, report the number in our spam number directory: your alert feeds the database that lets other users identify the threat before picking up. Together we can make fake tech support stop being a profitable business.