No, it's not actually Apple or Microsoft that appears on your screen telling you that your computer is infected.
They are scammers trying to get you to contact them and divulge sensitive information, which may include passwords, bank or credit account information, or Social Security numbers.
“They use the brand reputation (for legitimacy purposes) to make it seem more authentic,” said Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance. “Who doesn’t know Microsoft or Apple as a brand?”
Consumers are likely to see more of these types of scams now, following Apple’s recent release of its new iPhone. Scams tend to spike when a new product or release is released because it’s easier for headline-grabbing scammers to strike while the iron is hot, said Nati Tal, president of Guardio Labs, which identifies, monitors and mitigates online security threats. “In a very short period of time, they’re going to get tons and tons of potential victims.”
Scams can affect anyone, but as has been the case with other tech-related consumer crime waves, such as Bitcoin ATM fraud, seniors are particularly vulnerable. Last year, nearly 18,000 victims aged 60 or older reported tech support scams to the FBI’s Internet Crime Complaint Center, making them the most prevalent type of senior fraud in 2023. Fraud losses from tech support scams against seniors totaled $590 million in losses — and that’s just the reported cases.
These types of scams are becoming harder to spot due to AI, especially when the scheme uses a well-known company’s logo to appear legitimate. Here’s what people need to know to protect themselves from scams targeting trusted and popular tech brands:
Never assume that any online advertisement is genuine.
People can be tricked in several ways. One such way is through malicious advertising, where bad actors pay for ads on search engines like Google or Microsoft’s Bing. These fraudulent ads can appear as sponsored content, or in small print as an ad, during a search engine query.
For example, a consumer searching for “Microsoft support” might be presented with a fake Microsoft ad with a number to call. By calling that number, people fall into the scammers’ trap, according to Malwarebytes, which has identified a number of such schemes. Malwarebytes also uncovered a malicious ad campaign targeting Mac users searching for support or an extended warranty from Apple.
“People are having a lot of problems with their computers and looking for help, but often the numbers they find are a scam number and not a real number,” said Jerome Segura, Senior Research Director at Malwarebytes.
Pop-ups and emails from brands you know are often suspicious.
Tech scams also lure uninformed consumers with phishing emails offering renewal offers that appear to come from legitimate sources, including Microsoft, McAfee, PayPal, and Norton. These emails may be infected with malware if users click on a link, or they may be fraudulent attempts to obtain more information from the individual. Sometimes, simply opening the attachment can infect a consumer’s computer with malware.
Another type of tech support scam occurs when a window appears on the user's computer warning of an “infection.”
There is often a voice recording associated with this type of scam to instill a sense of urgency in consumers to call the number listed in the pop-up window. There may also be a button that says “Return to Security,” but when clicked, the regular browser window — with the address bar and window title visible — turns into a full-screen page, with a message about not restarting the computer because it is infected, Segura said.
“Imagine you are the user and you hear a constant voice in the background telling you that your computer is compromised. This is very stressful and will lead people to make a bad decision to call the fake phone number,” he said.
Once people call, they are often manipulated into sharing personal information such as their credit card number or giving scammers access to their computers.
How to Click Without Getting Into Trouble Online
First, consumers should avoid clicking on sponsored ads that they find while searching on Google or Bing. (Hint: These ads often appear at the top of the search results page, but they can also appear at the bottom, so look for the word “sponsored” or “ad” depending on the search engine.) Consumers should also avoid clicking on spam links sent in emails, even if they think they know the sender. And don’t open attachments unless you’re sure you know what’s being sent.
If a computer virus warning pops up, Segura said the general rule is to only click on the browser icons themselves, which are usually in the upper right corner. “Never click on any other 'X' within the web page itself, because they are fake,” he added.
If people click the X or click “Return to Safety,” the webpage will likely go to full screen mode. “If that happens, you should first exit full screen mode by long-pressing the Esc key on your keyboard, and only then can you finally exit with the X,” Segura said.
Internet browsers have basic protection, so make sure to keep your browsers up to date. You may also want to install a free or paid protection service that covers multiple types of threats.
What to do if you fall victim to a tech scam
The next steps depend on what information you shared with the scammers. For example, if you called a Microsoft or Apple number and provided usernames and passwords, change them. If you only shared your name, address, and phone number, you don’t need to do anything because that information is readily available to scammers through data brokers, Jim Roth, chief trust officer at identity security firm Saviynt, explained in an email.
Consumers who share their credit card number, expiration date and CVV code should call their credit card company's fraud hotline to report the incident and request a new credit card overnight.
If credentials have been shared with the fraudster for other online accounts, the password for each should be changed immediately. Consumers are also advised to freeze their credit with each of the three major credit bureaus, Equifax, Experian, and TransUnion. This is a good practice for all family members, especially children under 18, even in the absence of a specific threat. It is also advisable to file a fraud alert with one of the credit bureaus, which will pass the information on to all three credit bureaus.
Roth said people who are concerned about installing malware that doesn’t have antivirus protection should choose a reputable brand and install it. If they lack technical sophistication, they can contact Geek Squad or a similar service to scan their workstation and find the malware for removal. Consumers who have given scammers remote access to their computers should bring their devices to a service professional for help, he added.