Fake tech support — pop-up scam and remote access

Fake tech support: the only thing they fix is your bank account

An employee receives an alarming pop-up: "Your Windows system is infected! Call technical support immediately." In a panic, they call the number displayed. A professional "technician" asks them to install remote access software to "diagnose" the issue. Minutes later, dozens of fake viruses appear. They're asked to pay $375 to "clean" their computer. They pay by credit card. The following week, their bank contacts them: fraudulent transactions were made with their card.

This story, from the newsletter OUCH! by SANS Institute (January 2026), illustrates a scam that is increasingly common in Quebec. Here's how to recognize it and protect your business.

What is a fake tech support scam?

Fake tech support scams occur when criminals convince a person that something is wrong with their computer, phone or online accounts — and that they need urgent help from "tech support." The scammers impersonate well-known companies like Microsoft, Apple, Google or even your bank.

These scams often start with:

  • Alarming pop-ups in the browser claiming your system is infected
  • Unsolicited phone calls claiming to be from Microsoft support or an IT provider
  • Emails or text messages claiming your account has been compromised
  • Fake update alerts from the browser or operating system

Regardless of the method, the goal is always the same: create panic and force you to act immediately.

What the scammers want

According to the SANS Institute, fake tech support scammers target three things:

1. Your money

They charge for "fixing" nonexistent problems. Payments are often requested via gift card, wire transfer or cryptocurrency — methods that are hard to trace and impossible to reverse.

2. Your personal information

Under the pretext of "verifying your identity" or "processing a refund," they ask for your name, address, passwords or banking details.

3. Access to your devices and accounts

By convincing you to install remote access software (TeamViewer, AnyDesk, etc.), scammers can spy on your activity, steal your files or install real malware for future attacks. Even if you realize it's a scam and disconnect, they may already have your data.

How the scam works — in 3 steps

These scams rely on social engineering: the manipulation of emotions to create fear and urgency.

  1. The hook (fear): A pop-up, text message or call alarms you with threatening language — "Your data will be lost!", "Your account will be suspended!"
  2. Trust: The scammer presents themselves as a professional from a well-known company, using official logos and spoofed phone numbers.
  3. Control and payment: You're asked to install software or click a link. The scammer takes control of your device, then charges for "repairs" or "protection services."

How to protect your business

1. Stay calm and think

Legitimate companies never display pop-ups with phone numbers and never call you unsolicited to report a problem. If something seems urgent or scary, take a pause and verify independently.

2. Never call a number displayed in a pop-up

If an alert message appears in your browser, close the browser (use Ctrl+W or Alt+F4 if necessary). Never interact with the number or link displayed.

3. Never give remote access

Never ever allow an unknown person to remotely access your devices or accounts. If someone contacts you pressuring you to give them access, it's a scam. Your real IT provider will never ask you this way.

4. Secure your accounts immediately if you are a victim

If you think you interacted with a scammer:

  • Change all your passwords immediately
  • Contact your bank to report suspicious transactions
  • Uninstall any remote access software installed during the incident
  • Have your workstation analyzed by your trusted IT provider
  • Report the fraud to the Canadian Anti-Fraud Centre
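
An added example, not part of the original article or the SANS newsletter, of how an IT provider might apply the uninstall step above: it scans a software inventory export for remote access tools and marks those installed around the incident date. The CSV layout, hostnames, dates and the `triage` function are constructed for illustration; only the tool names TeamViewer and AnyDesk come from the article.

```python
import csv
import io
from datetime import datetime, timedelta

# Tool names taken from the article; extend the tuple for your environment.
REMOTE_ACCESS_TOOLS = ("teamviewer", "anydesk")

# Constructed sample: a software inventory export (assumed column layout).
SAMPLE_INVENTORY = """host,display_name,install_date
WS-014,Mozilla Firefox,2025-11-02
WS-014,AnyDesk,2026-01-14
WS-014,TeamViewer,2024-06-30
WS-022,7-Zip 24.08,2026-01-14
WS-022,AnyDesk MSI,2026-01-13
"""


def triage(inventory_csv, incident_date, approved=(), window_days=2):
    """Return (host, name, install_date, verdict) for each remote access tool.

    verdict is "remove" when the install falls within window_days of the
    incident, "approved" for a sanctioned tool installed outside that window,
    and "review" for any other remote access tool found.
    """
    incident = datetime.strptime(incident_date, "%Y-%m-%d").date()
    window = timedelta(days=window_days)
    approved = {name.lower() for name in approved}
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = row["display_name"].strip()
        tool = next((t for t in REMOTE_ACCESS_TOOLS if t in name.lower()), None)
        if tool is None:
            continue  # not a remote access tool we track
        installed = datetime.strptime(row["install_date"], "%Y-%m-%d").date()
        if abs(installed - incident) <= window:
            verdict = "remove"    # installed during the incident window
        elif tool in approved:
            verdict = "approved"  # sanctioned tool, installed earlier
        else:
            verdict = "review"    # unsanctioned remote access tool
        findings.append((row["host"], name, str(installed), verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY, "2026-01-14", approved=("teamviewer",)):
        print(*finding, sep="\t")
```

A tool installed inside the window is marked for removal even when it appears on the approved list, since a scammer may use the same product the IT provider does.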

Advice for SMB leaders

This type of scam doesn't just target individuals. Your employees can receive these pop-ups and calls during work hours, on workstations containing sensitive company data. Here's what you can do:

  • Train your employees with regular social engineering awareness training
  • Establish a clear procedure: when in doubt, contact the IT department or your MSP — never a number displayed in a pop-up
  • Deploy DNS filtering to block malicious websites before they display these pop-ups
  • Enable multi-factor authentication (MFA) on all critical accounts to limit damage in case of credential theft

FAQ

Can Microsoft or Apple really call me to report a problem?

No. Microsoft, Apple, Google and other major tech companies never make unsolicited calls to report technical problems. Any such call is a scam.

Can a pop-up in my browser be a real security warning?

Real security warnings come from your antivirus or operating system — not from your web browser. A browser pop-up asking you to call a number is always fraudulent.

What should I do if an employee has already given remote access to a scammer?

Immediately disconnect the workstation from the network, change all passwords from another device, and contact your IT provider for a complete analysis of the workstation. Report the incident to the Canadian Anti-Fraud Centre.

How can a managed IT provider (MSP) help prevent these scams?

An MSP deploys DNS filtering, awareness training, proactive monitoring and policies that prevent the installation of unauthorized software. If an employee has a doubt, they contact the MSP rather than an unknown number.

This article is inspired by the newsletter OUCH! by SANS Institute (January 2026), published under Creative Commons BY-NC-ND 4.0 license.
