What to do after a fake tech support call, pop-up, or remote access scam

A tech support scam usually starts by making you believe something is wrong with your device, account, subscription, payment, or security software. The goal is to get you on the phone, inside a remote-access session, or into a payment before you can verify what is real.

The safest response depends on what happened. Seeing a scary pop-up is different from letting someone control your screen. Calling a number is different from opening your bank account while the caller is watching. Use the closest situation below, then keep reading for the details that matter most.

Remote access changes the risk

Tech support scams are not only about a fake virus warning. The bigger question is whether someone controlled your screen or watched while you used your accounts. Remote access lets another person move the mouse, type, open windows, and sometimes transfer files or install software.

That does not mean they definitely stole everything. It means you should focus on what they could actually see or touch. A browser tab with your bank open matters more than a blank desktop. An unlocked password manager matters more than a closed app. A work laptop matters differently from a personal tablet.

• Browser tabs: banking pages, email, shopping accounts, payment apps, cloud storage, or admin panels.
• Email: password reset messages, security alerts, sent mail, deleted mail, and forwarding rules.
• Saved access: browser-saved passwords, unlocked password managers, app passwords, and connected apps.
• Files and photos: tax forms, IDs, account statements, private photos, or documents in cloud folders.
• Settings: recovery email, recovery phone, two-factor settings, remote-access permissions, startup items, and browser extensions.

If money was paid

Contact the payment provider first. ScamClarity can explain common next steps, but the provider controls whether a card can be replaced, a charge can be disputed, an account can be locked, or a transfer can be reviewed.

• Credit or debit card: call the issuer, ask about dispute options, card replacement, recurring charges, and account monitoring.
• Gift card: keep the card and receipt, then contact the gift card issuer quickly. Do not send the card photos to anyone else.
• Bank transfer, wire, Zelle, or payment app: contact the bank or app support through the official app or website and ask what can be stopped, reversed, or documented.
• PayPal or an invoice platform: open the official app or website yourself and report the transaction there.
• Crypto: save the wallet address, transaction hash, amount, date, and platform. Recovery promises are often another scam.

If the caller says you were refunded too much, that is a common refund-scam move. Do not send money back, buy gift cards, move money to a safer account, or transfer funds to a person who is still on the phone with you.

If personal or account information was visible

A remote-access session can expose information even if you never typed it into a fake form. Treat anything open, unlocked, copied, photographed, or spoken aloud as possible exposure. Focus on the most useful account checks first.

• Banking or card screens: contact the financial provider and review recent and pending activity.
• Email inbox: check recovery settings, forwarding rules, deleted messages, sent messages, and recent sign-ins.
• Password manager or browser passwords: change the accounts that were visible or autofilled and review connected devices.
• SSN, tax forms, IDs, or identity documents: use IdentityTheft.gov if identity theft or misuse applies.
• Cloud files, photos, or backups: check account sessions, sharing settings, recent activity, and unfamiliar devices.

What not to do now

• Do not call the same number back, even if the caller sounded professional.
• Do not reconnect remote access for a refund, cancellation, cleanup, or security check.
• Do not pay a recovery service that promises to get money back.
• Do not share more one-time codes, passwords, card numbers, or bank details.
• Do not trust a refund promise from the same caller or company name used in the scam.
• Do not use the suspicious pop-up, invoice, or email to verify the company.
• Do not wipe the device before saving payment evidence if you need to report or dispute the fraud, unless a trusted provider tells you to.

Where to report a tech support scam

Report through official channels. ScamClarity is not a government reporting destination and cannot recover money. The right place depends on what happened.

• FTC ReportFraud: consumer fraud, fake tech support, fake invoices, and impersonation reports.
• FBI IC3: internet-enabled crime or fraud, especially when remote access, wire transfers, crypto, or large losses are involved.
• Bank, card issuer, payment app, wire company, gift card issuer, PayPal, or crypto platform: payment disputes, account locks, transaction review, and card replacement.
• Microsoft or Apple official support: account security or brand impersonation involving those accounts or devices.
• Remote-access provider abuse reporting: suspicious use of a remote-access tool, if the provider offers a reporting channel.
• Work or school IT: any managed device, managed account, employer email, school login, or internal system.
• Local police or 911: threats, immediate danger, local theft, or someone trying to pick up cash, gold, cards, or devices in person.

Official sources used

The FTC sources support the fake pop-up, fake support call, payment, and reporting guidance. FBI and IC3 sources support internet-enabled crime reporting, evidence retention, and remote-access risk. Microsoft and Apple sources support the guidance about official support channels, fake warning messages, passwords, codes, and account security.

FAQ

Does Microsoft or Apple call about viruses?

Treat an unexpected call about a virus, hacked device, expired security software, or urgent account problem as suspicious. Microsoft and Apple both direct users to official support channels and warn against unsolicited support calls or suspicious pop-ups.

Is a fake virus pop-up proof my computer is infected?

No. A scary pop-up can be a web page designed to make you call. Close the browser or restart the device. If you downloaded something, installed software, or the warning returns outside the browser, check the device more closely.

What if I called but did not give access?

End the contact and do not call back. Review whether you shared a password, code, payment detail, address, or other private information. If you only talked and shared nothing sensitive, the main risk is follow-up pressure.

What if I gave remote access?

Disconnect, remove the remote-access software, and focus on what was visible or open. Change exposed passwords from a trusted device, contact financial providers if money or bank screens were involved, and contact work or school IT for managed devices.

Should I reset my computer after a tech support scam?

Not always. Start by disconnecting remote access, removing the tool, scanning with trusted security software, and reviewing what changed. A reset may be appropriate if unknown software remains, access keeps returning, or a trusted support provider recommends it.

What if the scammer saw my bank account?

Contact the bank using the official app, website, statement number, or card number. Tell them a scammer viewed the account during a remote-access session and ask what should be monitored, blocked, replaced, or documented.

Can I get money back after paying fake tech support?

It depends on the payment method and how quickly you contact the provider. Cards and some platforms may have dispute or replacement options. Gift cards, wires, payment apps, and crypto can be harder. Do not pay anyone who promises guaranteed recovery.

Where do I report a tech support scam?

Use ReportFraud.ftc.gov for consumer fraud and IC3.gov for internet-enabled crime or fraud. Also contact the bank, card issuer, payment app, device maker, remote-access provider, employer, or school when their account, payment system, or device was involved.