You're browsing normally when your screen suddenly fills with a blaring red warning: "YOUR COMPUTER HAS BEEN INFECTED. Call Microsoft Support immediately at 1-800-XXX-XXXX." The page won't close. An audio voice loop tells you not to shut down your computer. It looks like Windows or macOS is talking to you. It's not. It's a webpage — built to scare you into calling a scam call center.
The FTC reported $924 million in losses from tech support scams in 2023, with a median individual loss of $1,480. Victims over 60 accounted for the highest total losses, often paying through gift cards or wire transfers that are nearly impossible to recover.
The scam is straightforward but effective. It combines browser tricks with social engineering to make you believe your computer is compromised — when in reality, you're just looking at a web page. No malware is involved at the popup stage. The real damage starts when you pick up the phone.
You land on the scam page through a malvertising ad, a compromised website, a typosquatted domain, or a search result that redirects. Sometimes it's triggered by clicking a link in a phishing email. The redirect chain is designed to bypass ad network filters.
The page enters fullscreen mode (or uses CSS tricks to simulate it), displays a fake Windows Defender or Apple Security alert, and often plays an audio warning on a loop. JavaScript dialogs and hidden iframes make it difficult to close the tab or navigate away. The goal is to make you panic.
The fake alert prominently displays a phone number. When you call, a person answers pretending to be from Microsoft, Apple, or your ISP. They speak calmly, use technical jargon, and walk you through "diagnostic steps" that are actually just normal system logs made to look alarming.
The scammer asks you to install remote access software — AnyDesk, TeamViewer, or UltraViewer. Once connected, they "find problems" (Event Viewer errors that every PC has) and demand payment to "fix" them. Fees range from $200 to $1,000+, paid via gift cards or wire transfer. Some also install actual malware or steal files while they have access.
A full-screen page mimics the Windows Defender interface with a red banner reading "Trojan Spyware Alert — Error Code: #0x898778." The Windows logo, system fonts, and a fake scan progress bar make it look authentic. An audio loop repeats "Do not restart your computer" while a prominent phone number flashes in the center. The page uses document.documentElement.requestFullscreen() to hide the browser chrome.
Safari users see a popup styled like a macOS system dialog: "Your Mac is infected with 3 viruses. Immediate action is required." The page background shows a blurred fake desktop. Clicking anywhere triggers additional JavaScript alerts that make it seem impossible to leave. The "Apple Support" number connects to an overseas call center.
A page requests fullscreen permission, then overlays a fake operating system screen complete with a taskbar and desktop icons. It displays a fake Blue Screen of Death or kernel panic, followed by a "recovery" screen with a support number. Users who don't know how to exit fullscreen (press Escape or F11) believe their computer has crashed.
Ctrl+Shift+Esc (Windows) or Cmd+Option+Esc (Mac) to open your task manager. End the browser process entirely. If fullscreen is trapping you, press Esc or F11 first. The popup is just a web page — closing the browser eliminates it.These scams rely on a handful of browser tricks that repeat across every variant. PhishClean knows what to look for:
Tech support scams often start with a phishing email that redirects to the fake warning page.
Scam popups use invisible iframes to trap your browser and layer fake UI elements.
Step-by-step guide to closing, clearing, and recovering from fake security alerts.
Older adults lose the most to tech support scams. Here's how to set up their browser safely.
Quick checks you can do before trusting any website with your information or attention.
PhishClean catches scam overlays, hidden iframes, and fake security warnings before they trap your browser. Free to install — works on Chrome, Firefox, and Edge.
Install PhishClean