Beware of fake Microsoft ‘spyware alert’ pop-ups on your computer

Tech support scam claims your device has been compromised by a virus
Tali Ramsey

Scammers are impersonating Microsoft in pop-ups claiming your computer has been infected with spyware.

These pop-ups appear out of the blue on your screen and ask you to call a phone number for support. If you do this, you’ll be contacting a scammer who will encourage you to download remote access software, allowing them to take control of your computer.

If a pop-up appears on your screen, don’t call any phone numbers or click on any links. 

Read on to find out how this scam works and for advice on what to do if your device is targeted.

Outsmart the scammersour free scam alert service can help you spot and avoid the latest scams

Microsoft ‘spyware alert’ pop-up scam

A small pop-up appears on your screen. It claims ‘a virus has been detected on your device’ and states ‘your personal and financial information is at risk’. It includes a fake number to contact Microsoft’s customer support department. The pop-up includes two buttons – one reading ‘deny’ and the other ‘support’. Clicking on either option may result in malware being downloaded onto your device.

Behind this small pop-up is a larger one that states: ‘Microsoft security – spyware alert’. It informs you that your device is infected with a ‘Trojan:S Locker’ virus, which 'could result in a loss of personal and stored data’, ‘confidential information leak’ and ‘browser errors’.

On its website, Microsoft states that genuine error and warning messages never include a phone number and that you should only download software from official Microsoft partner websites or the Microsoft Store.

What happens if you call the scammer?

We’ve seen reports of a couple of different outcomes for people who called the number on these pop-ups.

One victim said the person on the other end of the line told them ‘illegal content’ had been downloaded on their computer and requested remote access to the device to ‘fix’ the issue. While in control of the computer, they asked the victim to access their bank account to check for any unauthorised transactions.

Another victim was told their device would be scanned while on the call. The scammer said the victim's financial information had been compromised and they would connect to their bank using a ‘secure’ line. The representative of the ‘bank’ was another scammer who informed the victim they must move their money into a bitcoin account to secure it.

How to remove a dodgy pop-up

If one of these pop-ups appears on your screen, close the browser and shut down your device. Some victims have reported their screens being frozen – if this happens, hold down the power button on your computer to turn it off.

You might have received the pop-up because your device has been infected with malware or you’ve inadvertently visited a dodgy website in the past. Once you’ve turned your computer back on, conduct a scan using your antivirus software before going online again.

What to do if you’ve given a scammer access to your device

If the remote access software is still running, press the disconnect button. Next, shut down your device and turn your wi-fi off at the router.

When you switch the device back on, remove the software. You should be able to find it under your recent downloads. Check for any new programs or files installed by the scammer. Finally, reset the passwords for any accounts you access using the device.

If you’ve lost money to this scam, call your bank immediately using the number on the back of your card and report the scam to Action Fraud.

More on this

Related articles