"Hello, I'm calling from Microsoft. Our systems have detected a serious virus on your computer." It's a scam that has run for years because it works on a real fear - that something is wrong with your device. Whether it starts with a cold call or a scary pop-up telling you to ring a number, the goal is the same: get remote control of your computer and your money. Here's how to recognise and stop it.

How the tech support scam works

There are two common entry points:

  • The cold call. Someone phones claiming to be from "Microsoft", "Windows support" or your internet provider, saying they've detected a virus, malware, or that your computer is "sending error reports".
  • The scareware pop-up. While browsing, a full-screen warning appears - often with alarms or a robotic voice - saying your PC is infected and you must call a support number immediately. The pop-up is just a web page designed to frighten you.

Either way, once you're talking to the "technician", the script runs like this:

They ask you to install a remote-support tool so they can "see the problem". With control of your screen, they open ordinary system logs and present harmless entries as "thousands of infections". Alarmed, you agree to a "fix" or "support package" for a fee. They then ask you to log into your bank to pay - and either take far more than agreed, or use the access to drain the account. Some even stage a fake "refund" later that's actually a fresh theft, claiming they "refunded too much" and you must send the difference back.

Red flags

  • An unsolicited call about your computer from "Microsoft", "Apple" or your ISP.
  • A pop-up telling you to phone a number - real security warnings never do this.
  • A request to install remote-access software (names you don't recognise, or that the caller dictates).
  • Being asked to log into your bank while they're connected.
  • Payment for "support" by card, transfer or gift cards.
  • Urgency and fear - "your computer will be permanently damaged".

What to do

  1. Hang up, or close the pop-up. Don't call any number a pop-up displays. If the pop-up won't close, shut the browser (or restart the computer); the "virus" is just a web page.
  2. Never install software or grant remote access because of an unsolicited call.
  3. If you already gave access, disconnect from the internet, uninstall any remote-access tool they had you install, run a security scan, and change your passwords from a different, trusted device.
  4. If you made a payment or they accessed your bank, contact your bank immediately - see what to do if you've been scammed.
  5. Report it to Action Fraud and forward scam texts to 7726.

How real tech companies operate

Microsoft, Apple and legitimate providers don't monitor your personal device for viruses and then phone you, and their error messages never include a phone number to call. Genuine support happens when you initiate contact through an official website or app. If you're worried about your computer, seek help from a trusted local IT professional - if you run a business, our IT Support service can keep your systems genuinely protected, including endpoint protection and staff awareness training to spot scams like this.

The bottom line

The tech support scam sells you a cure for an illness you don't have - and the "cure" is the actual attack. Real technology companies don't cold-call about viruses, and real warnings never tell you to phone a number. Hang up, close the pop-up, and never let an unsolicited caller onto your device. If you've been caught, disconnect, change passwords from another device, and contact your bank.

Frequently asked questions

Does Microsoft call you about computer viruses?

No. Microsoft does not monitor personal computers for viruses and will never cold-call you about an infection. The same goes for Apple and your broadband provider. Any unsolicited call claiming your device has a virus is a scam - hang up.

A pop-up says my computer is infected and to call a number - is it real?

No. Genuine security warnings never tell you to phone a number. The pop-up is just a web page designed to scare you. Close the browser or restart your computer; don't call the number, and don't install anything it suggests.

I let someone remotely access my computer - what should I do?

Disconnect from the internet, uninstall any remote-access software they had you install, run a full security scan, and change your important passwords from a different, trusted device. If they accessed your bank or you paid them, contact your bank immediately and report it to Action Fraud.

Why do they offer a "refund" later?

The fake refund is a second scam. They claim to have "refunded too much" and pressure you to send the difference back, or use renewed access to your bank to steal more. Don't engage - any contact from "tech support" offering a refund is part of the fraud.