Fake 'Virus Detected' Scam and Bogus Tech Support

The fake tech support scam is the second most reported threat by individuals on Cybermalveillance.gouv.fr, accounting for 12% of assistance requests in 2024 (source: Cybermalveillance.gouv.fr activity report, March 2025). The scenario is always the same: an alarming message appears on your screen, you call a number, and a fake technician takes your money. This guide explains how it works and how to protect yourself.

This scam is particularly effective because it exploits two powerful levers: the fear of losing your data and your trust in major brands like Microsoft or Apple. But once you understand the mechanism, the deception becomes obvious.

How the scam works, step by step

Step 1: The blocking screen

It all starts when you are browsing the internet. By clicking on a link, an advert, or visiting a compromised site, a page suddenly appears and takes over your entire screen. It displays:

• An alert message in red or blue imitating a Windows screen
• Mentions like “VIRUS ALERT”, “YOUR PC IS INFECTED”, “CRITICAL THREAT DETECTED”
• A phone number to call “immediately”
• Sometimes beeping sounds or a synthetic voice repeating the message

The page is designed to prevent you from closing it easily: it reloads when you click the close button, goes full screen, generates pop-ups in a loop.

What you need to know: Your computer is not infected. It is simply a web page designed to scare you. Your computer is working normally. There is no virus.

Step 2: The call to the fake technician

If you call the number displayed, a “technician” answers. They introduce themselves as an employee of Microsoft, Windows, Apple or your internet provider. They are calm, professional, and use technical jargon to impress you.

They ask you to open certain menus on your computer and “show” you normal system files, claiming they are traces of viruses. For example, the Windows Event Viewer always displays minor warnings and errors: the fake technician presents these as evidence of a serious infection.

Step 3: Remote control

The fake technician then asks you to install remote control software (AnyDesk, TeamViewer or similar). These are legitimate programs used by real IT professionals, but in this context, they give the fake technician full access to your computer.

Once connected, they can:

• See everything on your screen
• Control your mouse and keyboard
• Access your personal files
• Install malicious software
• Copy passwords saved in your browser

Step 4: Payment

The fake technician tells you they found “multiple serious infections” and offers a “repair package” or “protection subscription”. Prices typically range from 150 to 500 euros.

Payment is made by bank card (they ask for the number by phone or direct you to a payment page) or by purchasing prepaid cards whose codes they ask you to read out.

Testimonial: Jacqueline, 72, Montpellier, November 2025: “The screen froze with beeping. I called the number. The man was very polite and told me my computer was seriously infected. He took control of my PC and charged me 299 euros by card. The next day, I saw another charge of 199 euros.” (source: Cybermalveillance.gouv.fr, anonymised testimonials)

Balanced testimonial: Bernard, 65, Nantes, December 2025: “I got the blocking page but recognised the scam because my grandson had told me about it. I just turned off and restarted the computer. But I understand it can be frightening when you don’t know.” (source: digital workshop, Nantes library)

How to close the blocking page

On a Windows computer

Method 1: Task Manager

1. Press Ctrl + Alt + Delete simultaneously
2. Click “Task Manager”
3. In the list, find your browser (Chrome, Firefox, Edge)
4. Select it and click “End Task”

Method 2: Force close the browser

1. Press Alt + F4 (this closes the active window)
2. If that is not enough, use the Task Manager (Method 1)

Method 3: Turn off the computer If nothing works, hold the power button on your computer for 5 to 10 seconds. The computer will shut down. Restart it normally.

On a Mac

1. Press Cmd + Q to quit the browser
2. If that does not work, press Cmd + Option + Esc, select the browser and click “Force Quit”

On a tablet or phone

1. Close the browser app (swipe up or press the square navigation button)
2. Reopen the browser
3. If the page reappears, delete the browser history and data in settings

After closing the page

When you reopen your browser, it may offer to “restore previous tabs”. Do not do this — it would reopen the fraudulent page. Choose to open a new page instead.

What to do if you have already called and paid

If you have been a victim of this scam, here are the steps to follow in order of priority:

1. Disconnect your computer from the internet

Unplug the Ethernet cable or disable WiFi. This immediately cuts the fake technician’s remote access.

2. Contact your bank

Call the number on the back of your bank card to:

• Report fraudulent payments
• Cancel your card if necessary
• Request a chargeback for card payments

According to the banking federation, chances of reimbursement are higher if you act within 48 hours.

3. Uninstall software installed by the fake technician

Common software installed by scammers includes:

• AnyDesk
• TeamViewer
• SupRemo
• ConnectWise (ScreenConnect)

To uninstall on Windows:

1. Go to Settings > Apps > Installed Apps
2. Search for the software name
3. Click “Uninstall”

4. Change all your passwords

From another device (phone or tablet), change passwords for:

• Your email (this is the priority)
• Your online banking
• Your health service accounts
• Your social media
• Any other important service

The fake technician may have accessed passwords saved in your browser.

5. Have your computer checked

Have your computer analysed by a trusted professional. Look for certified cybersecurity professionals in your area. They will check that the scammer did not install spyware.

6. File a report

• Report to police: file a report at your local police station or online
• Report the scam: use your national fraud reporting platform (Action Fraud in the UK, Pharos in France)
• Get assistance: contact your national cybercrime support service for diagnosis and guidance

How to protect yourself in the future

Install an ad blocker

Fake tech support pages are often distributed via malicious ads (known as “malvertising”). An ad blocker prevents these ads from appearing.

Recommendation: uBlock Origin is a free, open-source ad blocker recommended by many security experts. It is available for Chrome, Firefox and Edge.

How to install:

1. Open your browser
2. Go to the extension store (Chrome Web Store, Firefox Add-ons, etc.)
3. Search for “uBlock Origin”
4. Click “Add” or “Install”

According to a University of California San Diego study published in 2024, ad blockers reduce exposure to phishing and scam pages by 75% (source: UCSD, “Impact of Ad Blockers on Web Security”, 2024).

Keep your browser up to date

Modern browsers (Chrome, Firefox, Edge, Safari) include protections against malicious sites. These protections are updated regularly. Check that automatic updates are enabled.

Only install software from trusted sources

Only download software from the official publisher websites or from the Microsoft Store / App Store. Avoid third-party download sites that may bundle adware with their installers.

Keep your antivirus active

Windows Defender (built into Windows 10 and 11) provides sufficient protection for most users. Check it is active in Settings > Privacy & Security > Windows Security.

If you want additional antivirus, the free versions of Avast or Bitdefender offer good protection according to independent lab tests (source: AV-Test.org results, February 2026).

How to tell a real security alert from a fake one

It is important to know the difference between a fake scam alert and a genuine security notification.

Real Windows Defender alerts

Windows Defender can display legitimate alerts. They appear:

• In the Windows Notification Centre (small bell in the bottom right of the screen)
• In the Windows Security app (accessible via Settings)
• Never in your internet browser
• Never with a phone number to call

Fake alerts (scam)

Fake alerts appear:

• In your browser (it is a web page, not a system alert)
• With a phone number to call
• With beeping sounds or an alarming voice
• In full screen with difficulty closing the window
• With messages like “Call immediately” or “Do not close this window”

The golden rule: if a virus alert appears in your internet browser with a phone number, it is a scam. Always.

Protecting a relative: practical advice

If you want to protect a parent or elderly relative, here are concrete actions:

1. Explain the golden rule: “If you see a virus message with a phone number in your browser, it’s fake. Turn off the computer and call me.”

2. Install uBlock Origin on their browser to block malicious ads.

3. Stick a visible Post-it near their screen with the reminder: “Microsoft never calls. Virus message = fake. Call [your name + number].”

4. Do an exercise together: show them how to close the browser with Ctrl+Alt+Delete or Alt+F4.

5. Reassure them: if it happens, there is no shame. Scammers are professionals who fool thousands of people, including technically competent individuals.

Useful numbers and websites

Resource	Contact	Usage
Action Fraud (UK)	0300 123 2040	Report fraud (UK)
National cybercrime support	Your national platform	Diagnosis and help
Your bank	Number on the back of your card	Cancel card if payment made
Police	Local police or online reporting	File a report

Conclusion: don’t panic, the right response is enough

The fake tech support scam is stressful but, contrary to what the scammers want you to believe, your computer is not in danger. The blocking page is just a website designed to scare you.

The only response to remember: if a virus message with a phone number appears in your browser, close the browser (Ctrl+Alt+Delete or turn off the computer). Never call the number.

And if you or a relative have been a victim, do not feel ashamed. Contact your bank and report the scam. Help exists and recourse is available.

---

Editorial note

Sources consulted: Cybermalveillance.gouv.fr 2024 activity report (published March 2025), French Banking Federation (“Bank Fraud” guide 2024), UCSD (“Impact of Ad Blockers on Web Security” 2024), AV-Test laboratory (results February 2026), signal-arnaques.com forum, digital workshops in libraries.

Limitations of this guide: Scammers’ techniques evolve. New variants use proactive phone calls (the scammer calls you directly pretending to be from Microsoft) in addition to blocking pages. The remote control software mentioned are legitimate tools that can be used for fraudulent purposes; their presence on your computer does not necessarily mean you have been scammed. Bank reimbursement procedures vary by institution.

Verification date: 26 March 2026

Conflicts of interest: none

Questions fréquentes

Can Microsoft call me to report a virus on my computer? ▼

What should I do if a blocking page displays 'virus detected' with a phone number? ▼

I gave control of my computer to a fake technician, what should I do? ▼

How much does a fake tech support scam cost on average? ▼

How can I protect my elderly parents from this scam? ▼