Fake Microsoft/Apple tech support

A popup locks the browser and shows a hotline to call, then a "technician" asks you to install AnyDesk. It is a classic scam sequence that has been around for a decade.

8 min read | Beginner

Red flags to recognize

  • Loud popup saying 'Your computer is infected, call 800-XXX immediately'
  • Browser locked fullscreen with a fake Microsoft/Apple message
  • Technician speaking broken English or Italian who asks you to install AnyDesk, TeamViewer or UltraViewer
  • Request to open the command prompt and read out 'system errors'
  • Pressure to install 'cleanup tools' or pay for a 'support license'
  • Request for a bank statement or your last invoice as 'identity verification'
  • Request to buy iTunes/Steam gift cards to pay for support

What to do now

  • Microsoft and Apple never call about popup security issues
  • Force-close the browser (Task Manager / Activity Monitor)
  • Never install remote-control software on a caller's request
  • If you installed AnyDesk/TeamViewer: uninstall it, disconnect from the network, run an antivirus scan
  • If you gave bank access: block the card and bank access, disconnect your Apple/Google ID
  • If you bought gift cards: contact Apple/Steam immediately to block unredeemed ones
  • Keep screenshots and call history for the report

Real case

Tech-support scam on a retiree, Liguria 2025

A retiree in Genoa sees a popup while reading an online newspaper: 'Windows: viruses detected, call 800-XXX-XXX immediately'. He calls. A 'Microsoft technician' with an accent asks him to install AnyDesk, then 'shows' him viruses by opening cmd and typing tree and netstat, ordinary commands whose output he presents as infections.

The 'technician' offers a 'certified cleanup' for 199 EUR. The retiree accepts. While he pays online, the technician watches via AnyDesk and immediately uses the card data on Amazon UK for 2,400 EUR in purchases. Three days later the same card receives payment attempts from Hong Kong.

Mythos analyzed the popup screenshot: the domain had been registered the day before, and its fingerprint was identical to 30+ campaigns flagged by national CERTs. The dossier enabled a partial Visa chargeback and a criminal complaint for aggravated fraud.

What Mythos can do on this case

  • Forensic popup screenshot analysis (domain, fingerprint, age)
  • Called-number verification (country, operator, known flags)
  • Analysis of commands shown by the fake technician (known patterns)
  • Cross-check with active tech-support scam campaign clusters
  • Dossier for bank chargeback and criminal complaint
