CallTracer

Article

The fake virus pop-up: how the tech-support scam works

A pop-up tells you your computer is infected and gives a number to call. The page is a trick; the call center is the trap. Here is how the scam works.

T

The CallTracer team

· 4 min read

Share All articles
The fake virus pop-up: how the tech-support scam works

A browser tab freezes. A red banner takes over the screen, sirens blare from your speakers, and a robotic voice says your computer has been blocked by Microsoft because of a virus. A toll-free number flashes. Call it now, the page says, or your files will be deleted.

None of it is real. The page is a static HTML trick, the virus is a JavaScript loop, and the toll-free number routes to a call center whose entire job is to talk you into handing over your computer or your money. This is the tech-support scam — one of the longest-running and most lucrative phone scams in the world, and one that quietly evolves to keep stealing from people who already know they should not call random numbers.

How the page gets in front of you

You almost never go looking for the pop-up. It arrives through one of a few quiet routes:

  • A typo on a popular domain that bounces you through a chain of ad networks.
  • A bad ad served on an otherwise legitimate site.
  • A hijacked browser extension, or a search result poisoned for a niche query.

Once the page loads, simple JavaScript locks the tab — looping alert boxes, forced full-screen mode, fake mouse cursors. Your computer is fine. The browser is just being noisy. Closing the tab, force-quitting the browser, or rebooting the machine fixes it instantly. There is no virus to remove.

The script on the other end of the line

Calling the number is where the actual loss happens. The agent is friendly, slightly accented, and reading from a script that has been refined over a decade of practice. They will:

  1. Ask you to install a remote-access tool — usually a legitimate one like TeamViewer, AnyDesk, or UltraViewer. They walk you through it patiently.
  2. Run a few harmless commands that look terrifying — a netstat dump, the Windows event viewer, a directory listing of system files — and narrate them as evidence of foreign IP intrusions.
  3. Quote you a price. Sometimes it is a one-time license of a few hundred dollars. Sometimes it is a multi-year plan that runs into the thousands.
  4. Tell you the only way to pay is gift cards, a wire, or — in the most aggressive variant — by logging into your bank and letting them help move funds to a secure account.

If a stranger on the phone ever asks you to install software or read them gift card numbers, the call is the threat. There is no other interpretation.

Why it keeps working

Two reasons, and they reinforce each other.

The first is that the pop-up genuinely looks alarming. People who would never give a card number to a cold caller will dial a number printed on their own screen, because the screen feels like a trusted source.

The second is that the call center keeps you on the line for as long as it takes. Targets are often older, often alone, and the agent is the only voice in the room. By the time gift cards enter the conversation, an hour has passed and walking away starts to feel like wasting the time already invested. Scammers count on that pull.

What actually shuts the scam down

Three habits, in order of how often they get tested:

Treat any phone number that appears on a screen with suspicion. Real Microsoft and Apple support do not put toll-free numbers in browser pop-ups. If you need help, type the company's address into the URL bar yourself.

Never install remote-access software at the request of someone who called you, or who you called from a pop-up. The ask is the tell. There is no follow-up question that turns a bad call into a safe one.

Hang up and verify by a channel you control. If the caller claims to be from your bank, your ISP, or your operating-system vendor, end the call and dial the number printed on the back of your card or on the company's official website. A real agent will not be insulted.

If you already called

Reboot the computer, uninstall any remote-access software the caller had you install, and change the passwords on any account they could see — bank, email, anything that was open in a browser tab. If you paid by gift card, save the card numbers and the receipts and report the loss to the issuing brand and to your local consumer-protection agency. Recovery is rarely complete, but reporting feeds the data that eventually shuts call centers down.

If the number that called you keeps showing up — or if you are unsure whether a number you do not recognize is safe — running it through a phone-number lookup before calling back is a small, free habit that pays for itself the first time it stops you from dialing.

T

Written by

The CallTracer team

The CallTracer team writes about phone scams, spam trends, and the intelligence behind every lookup.

Keep reading

More from the journal

All articles →

The Medicare card scam: why the 'new card' call is a lie

A polite voice says your new Medicare card is on the way and just needs to verify your number. Medicare does not call out of the blue — here is how the scam works.

The jury duty scam: when a 'deputy' calls about a missed court date

A calm voice claims to be a sheriff's deputy, says you missed jury duty, and threatens arrest unless you pay a fine on the spot. Here's how the scam unfolds.

The jury duty scam: when a 'sheriff' calls about a missed summons

A 'sergeant' calls saying you missed jury duty and a bench warrant is on the way. Real courts do not work that way — here is how the scam actually unfolds.

Got a number you don't recognize?

Look it up instantly — carrier, location, and community reports in one place. Free, no signup.

Look up a number