Tech Support Scam Recognition and Avoidance

Tech support scams represent one of the most persistently reported categories of consumer fraud in the United States, exploiting the gap between technical complexity and public familiarity with legitimate software behavior. The Federal Trade Commission (FTC) and FBI's Internet Crime Complaint Center (IC3) both track these schemes as a distinct fraud classification with measurable financial impact on consumers across age groups. This page covers the operational definition, known delivery mechanisms, scenario types, and the classification boundaries that distinguish legitimate technical support from fraudulent contact — structured as a reference for consumers, researchers, and professionals working in fraud prevention or digital safety.

Definition and scope

A tech support scam is a form of fraud in which an actor impersonates a legitimate technology company, government agency, or independent IT service provider to deceive a target into believing their device has a serious technical problem — then charges for unnecessary services, installs malware, or extracts financial or credential data.

The FTC classifies tech support fraud as a consumer fraud category under its enforcement mandate. The FBI's IC3 2022 Internet Crime Report recorded losses from tech support fraud exceeding $800 million in that year alone (FBI IC3 Internet Crime Report 2022), making it one of the top three fraud types by reported financial loss. Victims aged 60 and older accounted for the majority of reported dollar losses in that reporting period.

The scope includes unsolicited phone calls, browser-based pop-up warnings, deceptive search advertisements, email-based pretexts, and in-person solicitations. The FTC's 2021 report on tech support fraud identified Microsoft as the most frequently impersonated brand, followed by Apple and internet service providers.

The online safety listings maintained on this domain cover service providers operating in fraud prevention, consumer protection technology, and related digital safety sectors.

How it works

Tech support scams follow a structured sequence that shifts depending on the initial contact vector, but the core phases remain consistent across variants:

1. Initial contact — The target receives an unsolicited contact, which may be an inbound phone call, a browser pop-up that locks or appears to lock the screen, a deceptive ad in search engine results, or a phishing email. The message claims the device is infected, compromised, or out of compliance.

2. Alarm escalation — The actor uses urgency language, fake error codes, or simulated system scan outputs to escalate perceived threat severity. Some scripts reference Microsoft Windows Event Viewer logs — which display normal operational entries — as evidence of infection.

3. Remote access request — The target is directed to install a legitimate remote access tool such as AnyDesk, TeamViewer, or ScreenConnect. The actor then uses this access to appear to diagnose the fabricated problem, create genuine-looking evidence of damage, or silently install malware or credential harvesters.

4. Payment extraction — Charges are presented for "repair" services, extended support contracts, or antivirus software. Payment is frequently requested via gift cards, wire transfer, cryptocurrency, or peer-to-peer payment apps — methods chosen specifically because they are difficult to reverse.

5. Secondary exploitation — In cases involving remote access, actors may return for follow-up contact claiming the original problem recurred, or may use harvested banking credentials for independent financial fraud.

The Cybersecurity and Infrastructure Security Agency (CISA) identifies remote access abuse as the primary vector for escalation from fraud to direct system compromise.

Common scenarios

Three operationally distinct scenarios account for the majority of documented cases:

Browser pop-up lockout — A malicious advertisement or compromised website triggers a full-screen browser alert displaying a fake Microsoft or Apple error message with a toll-free number. The browser window may use JavaScript to resist closing. This scenario targets users who encounter the pop-up while browsing and mistake it for an operating system-level warning.

Outbound cold call impersonation — The actor calls the target directly, claiming affiliation with a known technology company. Scripts often reference account anomalies, detected intrusions, or expiring service contracts. This vector disproportionately affects older adults, as documented in the IC3 Elder Fraud Report, which in 2022 showed individuals over 60 filed 17,673 tech support fraud complaints (FBI IC3 2022 Elder Fraud Report).

Refund scam variant — The actor contacts a previous victim (or claims the target was previously charged) and offers a refund for services never rendered. The refund pretext is used to gain remote access to banking portals, after which the actor manipulates the screen to simulate an overpayment and pressures the target to return funds via gift card or wire. The FTC has documented this as a distinct sub-type in its Consumer Sentinel Network Data Book.

Deceptive search advertisement — A fraudulent company purchases paid search placements for queries such as "Microsoft support phone number" or "printer setup help." The resulting calls reach actors posing as manufacturer support staff. The FTC's enforcement actions have targeted this vector specifically, including actions against companies operating fake tech support call centers.

Decision boundaries

Distinguishing legitimate technical support from fraudulent contact depends on a small set of structural tests:

• Contact direction — Legitimate technology companies do not initiate contact to inform users of infections or account problems via unsolicited phone call or browser alert. Any inbound contact claiming a device problem is presumptively suspect.
• Payment method request — No legitimate support organization requests payment via gift card, cryptocurrency, wire transfer, or peer-to-peer apps such as Zelle for technical services.
• Remote access requests from unsolicited contacts — Granting remote access to a party who initiated unrequested contact is the primary mechanism by which tech support scams escalate to credential theft and financial fraud. Legitimate scheduled support sessions involve prior appointment and verifiable service contracts.
• Error code legitimacy — Windows Event Viewer entries and generic error codes (such as "Error 0x00000001") are normal operating system outputs and do not constitute evidence of malware. Microsoft's official documentation (Microsoft Support) does not direct users to call phone numbers displayed in browser alerts.
• Caller ID — Caller ID spoofing is a standard tactic; a displayed number matching a known company does not authenticate the caller's identity.

The FTC's Impersonation Rule, which took effect in 2024, expanded the commission's authority to seek civil penalties against actors impersonating government agencies and businesses — including technology companies — through fraudulent communication channels. Complaints about tech support fraud can be submitted to the FTC at ReportFraud.ftc.gov and to the IC3 at ic3.gov.

The purpose and scope of this directory and how to use this resource provide context for how the broader service listings on this domain are organized and what professional categories are represented.

References

• FBI Internet Crime Complaint Center (IC3) — 2022 Internet Crime Report
• FBI IC3 — 2022 Elder Fraud Report
• Federal Trade Commission — Tech Support Fraud Report (2021)
• Federal Trade Commission — Consumer Sentinel Network Data Book
• Federal Trade Commission — Impersonation Rule
• Cybersecurity and Infrastructure Security Agency (CISA) — Recognizing and Reporting Tech Support Scams
• Microsoft Support — Official Microsoft contact channels
• FTC ReportFraud Portal
• FBI Internet Crime Complaint Center (IC3) — Complaint Filing