How Tech Support Scams Work: A Complete Breakdown

Tech support scams have evolved into a sophisticated criminal industry, bilking victims—often elderly or less tech-savvy individuals—out of thousands of dollars. These schemes rely on manufactured urgency, fake authority, and psychological manipulation. Here’s how the major variants operate.

The Fake Blue Screen of Death (BSOD)

This is one of the most common entry points. You’re browsing the web when suddenly your screen locks up with a full-screen warning that mimics a Windows crash. The message typically claims:

  • Your computer is infected with a virus
  • Your data is at risk of being stolen
  • You must call a “Microsoft Support” number immediately

How it actually works: The “crash” is just a webpage—often triggered by a malicious ad or compromised site—using JavaScript to go fullscreen and disable normal escape methods. There’s nothing wrong with your computer. The scammers want you to call the number, at which point a fake technician takes over.

Red flags:

  • Microsoft, Apple, and other companies never display phone numbers in error messages
  • Real system crashes don’t ask you to call anyone
  • The page often prevents you from closing it (force-quit your browser to escape)

The Cold Call

Some scammers skip the bait entirely and call you directly, claiming to be from Microsoft, your internet provider, or a security company. They’ll say they’ve “detected suspicious activity” on your computer or that your IP address has been “compromised.”

They’ll ask you to open Event Viewer (a Windows tool that always shows benign warnings and errors) and use the normal log entries as “proof” of infection. This is pure theater—every Windows machine has these logs.

Remote Access: Where the Real Damage Happens

Once you’re on the phone, the scammer’s immediate goal is to get remote access to your computer. They’ll direct you to download legitimate tools like AnyDesk, TeamViewer, or ConnectWise (formerly ScreenConnect).

With access, they can:

  1. Stage fake evidence — They’ll open command prompts, run harmless commands that produce alarming-looking output, or show you the netstat command (which displays normal network connections) and claim hackers are connected to your machine.
  2. Disable your security software — To prevent real antivirus tools from flagging their activity.
  3. Install actual malware — Some scammers plant keyloggers or backdoors for future access.
  4. Lock you out — They may set a BIOS password or install ransomware as leverage if you refuse to pay.

The “Refund” Scam Variant

A particularly cruel twist targets people who’ve already been scammed—or haven’t been scammed at all but are told they were. The caller claims:

“Our company is closing down, and we owe you a refund of $300 for services you previously paid for.”

Once they have remote access, they ask you to log into your bank account so they can “process the refund.” Then they perform a sleight-of-hand trick:

  1. They black out your screen or open a fake banking page
  2. They edit the HTML to make it look like $3,000 was deposited instead of $300
  3. They panic you into believing you received too much and must return the difference—via gift cards, wire transfer, or cryptocurrency

No money was ever deposited. They’ve simply edited what you see on screen.

Amazon and Shipping Phishing Scams

These scams exploit the ubiquity of online shopping. You receive an email, text, or automated call claiming:

  • There’s a problem with your Amazon order
  • A suspicious purchase of $799 (or some alarming amount) was made on your account
  • Your Prime membership is about to be charged, and you need to “press 1” to cancel

The phishing email version includes a link to a fake Amazon login page. Once you enter your credentials, the scammers harvest your username and password—and often your credit card info if the fake site asks you to “verify” your payment method.

The phone call version connects you to a scammer who asks for your Amazon login, credit card details, or remote access to “secure your account.” Some variants claim you need to pay a fee or buy gift cards to “reverse” the fraudulent charge.

Why gift cards? Scammers love gift cards (Amazon, Google Play, Apple, Target) because they’re untraceable, instantly redeemable, and can be converted to cash or cryptocurrency. No legitimate company or government agency will ever ask for payment in gift cards.

The “Government Agency” Overlay

Many of these scams escalate by transferring you to a fake “FTC investigator,” “FBI agent,” or “bank fraud department.” The scammer claims your identity has been used in money laundering or drug trafficking, and you must move your money to a “safe account” or withdraw cash to be picked up by a “federal courier.”

This is social engineering at its most aggressive—they use fear of arrest and manufactured authority to override your judgment.

How to Protect Yourself

  • Hang up and look up the real number. Never trust a number given to you in a pop-up, email, or unsolicited call. Go directly to the company’s official website.
  • Never give remote access to an unsolicited caller. Legitimate tech support doesn’t cold-call you.
  • Gift cards are not payment. No real company, agency, or bank accepts gift cards as payment or refund processing.
  • Check URLs carefully. Phishing sites often use misspellings (amaz0n.com) or extra words (amazon-support-verify.com).
  • Use a password manager. It won’t autofill your credentials on a fake site because the domain won’t match.
  • Enable two-factor authentication on Amazon, email, and banking accounts.

If you’ve been targeted, report it to the FTC at reportfraud.ftc.gov and, if money was lost, contact your bank immediately. The more reports filed, the easier it is to shut these operations down.

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top