Tech Support Popup Scams: Fake Virus Warnings and Microsoft Impersonation

You're browsing the web when suddenly your entire screen is taken over by a terrifying message:

VIRUS ALERT FROM MICROSOFT

This computer has been LOCKED. Your files are at risk of being deleted. A Trojan Spyware has been detected. Your personal data (banking credentials, passwords, photos) is being compromised. Call Microsoft Support Immediately: 1-888-XXX-XXXX. Do NOT shut down your computer. Do NOT ignore this critical alert.

The popup is accompanied by flashing red screens, blaring alarm sounds, and a browser that won't close no matter how many times you click the X button. Your cursor might be frozen. The popup might multiply if you try to close it. A robotic voice might be reading the warning aloud.

It looks and sounds terrifying. It's designed to be. And every single element — the warning, the phone number, the flashing alerts — is completely fake.

How the Scam Works

The Fake Alert

These popups are triggered by malicious advertisements on websites, redirects from compromised sites, or malicious links in emails and social media posts. They use JavaScript tricks to make your browser appear locked — fullscreen mode, disabled right-click, multiple overlapping popup windows, and audio loops that play alarm sounds.

The warnings impersonate Microsoft, Apple, Norton, McAfee, Windows Defender, or other trusted security brands. They include realistic-looking virus scan results, fake error codes, and urgent language designed to make you believe your computer is in immediate danger.

Your computer is not actually infected. The popup itself is just a webpage — it has no access to your files, passwords, or personal data. It can't lock your computer or delete anything. It's a webpage pretending to be a system alert.

The Phone Call

If you call the number, a "technician" answers with a professional-sounding greeting like "Microsoft Security Support, how can I help you?" They'll ask you to describe the problem (the popup they created) and then explain that your computer is "severely infected" and needs immediate repair.

They'll instruct you to download a remote access tool — AnyDesk, TeamViewer, ConnectWise, or UltraViewer. Once installed, they can see and control your entire screen.

The "Repair"

With remote access, the fake technician opens Command Prompt or Event Viewer and shows you normal system logs that they claim are "virus infections." Every computer has harmless warnings in Event Viewer — the scammer presents these as evidence of malware to justify their services.

They then "clean" your computer (doing nothing useful) and present you with a bill — anywhere from $199 to $999 for a "lifetime security plan" or "annual protection subscription." They want payment by credit card, gift cards, or bank transfer.

Some scammers go further: while they have remote access, they install actual malware, keyloggers, or backdoors on your computer. They may also browse your files, copy saved passwords from your browser, or access your email and banking apps.

The Follow-Up Scam

Months later, the same scammers (or others who bought your information) may call claiming to be from the same tech support company. They say the company is going out of business and you're entitled to a refund. This is a refund scam (see our article on refund scams) designed to steal even more money.

Red Flags to Watch For

1. A popup claiming your computer is infected. Real security software (Windows Defender, Norton, Malwarebytes) displays notifications within its own application — never as a browser popup with a phone number to call.

2. A phone number to call "Microsoft" or "Apple." Microsoft and Apple do not display their phone numbers in virus alerts. They do not monitor your computer remotely. They will never proactively call you about viruses.

3. Your browser appears "locked." Browser popups cannot lock your computer. They can make it difficult to close the browser window, but they cannot prevent you from shutting down your computer.

4. Alarms, sirens, or robotic voice warnings. Legitimate security alerts never use sound effects to alarm you. If your computer is playing alarms and a voice is telling you to call a number, it's a scam.

5. Requests to download remote access software. No legitimate tech support interaction begins with an unsolicited popup and ends with downloading remote access tools. This is always a scam pattern.

6. Fake error codes. Scam popups display fake error codes like "Error #0x80072ee7" or "Windows Defender Alert Code: 2V7Hgr." These codes are meaningless.

7. Payment demanded via gift cards. No legitimate technology company accepts payment in Google Play cards, iTunes cards, or Steam cards.

What to Do When You See a Fake Popup

Don't call the number. That's what the entire scam is designed to make you do. Don't do it.

Close the popup. Try pressing Alt+F4 (Windows) or Cmd+Q (Mac) to force-close the browser. If that doesn't work, press Ctrl+Alt+Delete (Windows) and use Task Manager to end the browser process. On Mac, press Cmd+Option+Esc to Force Quit.

If nothing works, shut down your computer. Press and hold the power button for 5-10 seconds until the computer turns off. When you restart, your browser may ask if you want to restore previous tabs — click "No" or close the restore prompt.

Clear your browser data. After restarting, clear your browser's cache and cookies to remove any stored redirects.

Run a real security scan. Use Windows Defender (built into Windows), Malwarebytes (free version), or another reputable antivirus to scan for actual threats. You almost certainly won't find any — the popup was just a website.

If you already called and gave remote access: Disconnect from the internet immediately. Uninstall any remote access software they had you install. Change all your passwords from a different device. Run a full antivirus scan. Contact your bank if you shared financial information. Consider having a professional check your computer for backdoors.

---

Not sure if a warning message on your computer is real or a scam? Copy the text and paste it into our free scam scanner for an instant analysis. Our AI identifies fake tech support alerts, phishing language, and known scam patterns.