Tech Support Scams

What Is Tech Support Scams?

You're browsing a legitimate news site when your screen is suddenly taken over. A full-screen alert claims your computer is infected with a trojan. A siren blares from your speakers. The warning displays a phone number and insists you call Microsoft Support immediately. Your mouse seems stuck. You can't close the browser. None of it is real. The 'alert' is a webpage using JavaScript to fake a system warning. The siren is an audio file. The locked cursor is a CSS trick. But in the moment, with adrenaline pumping, it feels completely real. That emotional hijack is the entire attack. The FBI's Internet Crime Complaint Center received over 37,500 tech support scam complaints in 2023, with reported losses exceeding $924 million. Victims who call the number reach a professional-sounding 'technician' who walks them through steps that install remote access tools like AnyDesk or TeamViewer. Once connected, the scammer can see everything on your screen, install malware, access banking portals, and demand payment for their 'services.' In this exercise, you'll encounter a realistic fake virus warning and walk through the attacker's full playbook. You'll learn why Ctrl+Alt+Delete and force-closing the browser is the correct first response. You'll understand how remote access tools are abused and why legitimate tech support will never cold-call you or ask for gift card payments. You'll practice the response sequence: close, disconnect, report.

What You'll Learn in Tech Support Scams

• Identify fake virus alerts, browser lockscreen tactics, and scare-based social engineering
• Apply proper browser force-close techniques to escape full-screen scam pages
• Recognize how remote access tools are abused by fraudulent tech support operators
• Distinguish between legitimate IT support procedures and tech support scam behaviors
• Execute the correct incident response steps: close the browser, disconnect if needed, report to IT

Tech Support Scams — Training Steps

1. A Busy Quarter-End

   It's Thursday afternoon. You're working on the Q1 performance report for a major client. The deadline is tomorrow and you still need to cross-reference some statistical benchmarks. You decide to look up some industry data on a reference site you've used before.

2. Browsing for Data

   Alice opens StatReference, a statistics resource site she's used many times. While scanning the page for relevant datasets, a small notification pops up in the corner of the screen. It looks like a Windows system alert - complete with a shield icon and urgent red text.

3. The "Virus Alert"

   The browser redirects to a terrifying full-screen warning page. Flashing red borders, a Windows Defender logo, and 'CRITICAL THREAT DETECTED' in massive text. The page lists several active threats and claims Alice's personal data is at risk of being stolen. A phone number is displayed prominently: 1-888-330-4127 - 'Call Microsoft Certified Support Immediately.'

4. Calling for Help

   Alice's heart is racing. Her client report contains sensitive financial data - if her computer is truly infected, the client's data could be compromised. With the deadline looming and fear clouding her judgment, she grabs her phone and dials the number from the warning.

5. "Microsoft Certified Support"

   Someone picks up after a single ring. He introduces himself as Ryan, a certified technician, and immediately claims Alice's computer has been flagged with critical threats. His tone is calm, professional, and reassuring.

6. The Remote Access Pitch

   Ryan escalates the urgency, claiming Alice's system needs an immediate remote diagnostic. He directs her to download a specific tool so he can analyze the threats remotely.

7. Downloading the Tool

   Alice opens the URL Ryan provided. The page looks professional - a shield logo, 'Microsoft Certified' badges, and a prominent download button for 'SecureAssist Pro.'

8. Running the Installer

   The download completes quickly. Alice opens her file manager and double-clicks the file to install it, eager to get the 'diagnostic' running so Ryan can fix the problem.

9. The Antivirus Warning

   The moment Alice runs the file, her antivirus software springs into action. A red alert appears: the file contains a Remote Access Trojan. Ryan, still on the line, quickly tells Alice to dismiss the warning. He claims the existing virus is interfering with her security software and causing false alerts.

10. Overriding Protection

    Ryan sounds so confident that Alice begins to doubt her own antivirus. Against her instincts, she decides to dismiss the warning and let the 'technician' proceed.