Tips to help protect against tech support scams
Tech support scams happen when criminals try to trick individuals into believing there is a problem with their computer, accounts or devices. Learn tips to help protect yourself.
Updated 
6 min. read
Tech support scams happen when criminals try to trick individuals into believing there is a problem with their computer, accounts or devices so they can ultimately access personal information, steal funds or spread malware. Often, fraudsters will pose as IT staff or helpdesk employees to convince their targets that they need to pay money, give up identifying information, or allow remote access to fix a supposed issue.
Although tech support scams are a longstanding threat, they have only grown more common and costly in recent years. In fact, service-related fraud – which includes tech support scams – was the second most-common type of fraud reported in Canada in 2024 according to the Canadian Anti-Fraud Centre, with 3,831 victims reporting CDN$19.8 million in losses. In the U.S., the FBI’s 2024 IC3 Report found that tech support scams led to more than USD$1.46 billion in losses in 2024, an increase of 58% in dollars lost from the year prior. That made tech support scams the third-most costly type of fraud.
These scams have been particularly harmful for older adults. Tech support scams were the No. 1 complaint submitted to the FBI by people over 60 in 2023, and the U.S. Federal Trade Commission reported in October 2024 that customers who were 60 and older were five times more likely to be victims of a tech support scam than people aged 18-59, with older consumers reporting $175 million in losses.
Read on for tips to help protect yourself from tech support scams.
What are tech support scams?
Tech support scams involve scammers posing as technical (tech) support staff through a variety of channels to trick people into believing there is a problem with their computer, device or account.
These techniques, often described as social engineering, exploit human psychology and qualities such as politeness and curiosity.
The scammers may call you posing as representatives from trusted organizations, send messages via email or text that look like they are from companies you know, or employ website pop-ups to trick you into thinking there is an issue with your account or device.
They may say that a virus has been detected on your computer or that your account has been taken over. They may ask for payment to help fix these nonexistent problems or request remote access to your computer, which they could use to steal your personal information or install malicious software.
This type of fraud targets both individuals and businesses.
Types of tech support scams
Tech support scammers use different tactics to trick people into giving up personal information, funds or remote access to their computers or devices.
Fake emails/text messages
Scammers use phishing emails and text messages to convince you that your device, account or data has been somehow compromised.
The fake messages could look like they came from the IT helpdesk department of your bank or another trusted organization. To resolve the supposed issue, the message could instruct you to click a link to a website that would have a URL and layout that would resemble the website of a company you know but would in fact be designed to capture your personal information.
In other cases, these fake messages could include a phone number for a “helpdesk” that is in fact operated by fraudsters. If you call them, they could request payment, try to persuade you to give up sensitive information, or direct you to install malicious software.
ClickFix attacks
ClickFix scams are an increasingly damaging type of tech support scam. According to recent reporting, ClickFix attacks surged by more than 500% in the first half of 2025, making them the second-most common attack method after phishing.
In ClickFix attacks, fraudsters compromise or spoof legitimate websites (such as industry tools or password-reset pages) or send phishing emails displaying messages asking you to verify you are human, resolve an error, or troubleshoot your session.
The malicious site then instructs users to:
- Press Win + R to open the Command Prompt or PowerShell.
- Copy and paste a long, unfamiliar command.
- Run a script to “fix” the issue.
If you follow these instructions, these commands can allow fraudsters to install malware, steal credentials, or take remote control of your devices.
Phone calls
Fraudsters are calling individuals and claiming that they work for a reputable company such as a bank, retail company, or phone/internet provider, saying that they have detected a problem with the user’s account or device.
The fraudster may ask for payment to resolve the supposed issue or request personal information, which they will say is to confirm an identity but in fact could be used to access accounts and funds.
In other cases, the fraudster may say they need remote access to the individual’s computer to help fix the problem. Once they have access, they could install malware, transfer funds from the victim’s accounts, or steal their personal and financial information.
Pop-ups
Tech support scams can also start with malicious pop-ups in your web browser.
These pop-ups could be made to resemble computer error screens or warning notices from well-known antivirus software companies. The pop-ups may claim that your computer is infected, your data is compromised, or your IP address has been blocked.
The goal of these fraudulent ads is to convince targets to click malicious links or call a fraudster-operated phone number for help.
What to look out for:
Any unsolicited requests from a customer service agent alerting you that something is wrong with your account and that they need to help you.
Requests that involve a sense of urgency or consequences for not responding quickly.
Requests that involve providing or confirming any kind of personal or financial information (including credit card information).
Requests that involve persuasion, pressure, or manipulation.
Requests that involve visiting a website, downloading an app, or providing remote access to your device.
How to help protect yourself from tech support scams
Legitimate tech support providers will not call, text, or email you unless you reach out to them first. If you receive an unsolicited phone call, text message, email or screenshare request about a problem with your computer or accounts, hang up or do not engage. If you’re unfamiliar with the caller or sender, do not reply, respond or communicate at all. Hang up immediately and call the company using a trusted phone number, such as the number on a legitimate company website.
Never give out any personal information, especially non-publicly available information such as account numbers, passwords, PINs, verification codes (one-time passcodes) or bank card and credit card numbers.
Remember: BMO will never contact you via unsolicited email, text, or phone call to ask for sensitive information, passwords, PINs, or verification codes.
Don't click on links from unknown or suspicious sources.
Never click on a pop-up ad or call a phone number in a pop-up or website warning you of issues with your computer; close the pop-up or website immediately.
Delete any emails claiming there is a problem with your computer, ensuring you do not click on links or open attachments.
Slow down and avoid any urgent requests, as this is a common tactic in most scams, including tech support scams.
If you think there is a problem with your computer:
Update your operating system.
Install a reputable antivirus security software and run a scan.
Consult a knowledgeable friend, family member or reputable computer repair shop.
Never log into financial accounts when using screen sharing or online remote access programs.
Review emails and URLs carefully. Emails and websites can look like they are from trusted companies, but if you review the email and URL carefully, you’ll notice a small difference like one extra letter, a period, or a .net instead of .com.
Do not provide or update personal information through links or URLs received via call, text message or email.
Bookmark the login page of legitimate company sites you visit regularly, such as BMO's Online Banking, rather than using a search engine to locate them.
Do not pay for tech support services using gift cards, wire transfers or cryptocurrency as reputable companies do not accept such forms of payment.
Keep your antivirus, web browsers and browser extensions up to date.
Red flags of a ClickFix attack:
- Fake CAPTCHA or verification screens that look normal at first (checkbox, puzzle, verification box) but then tell you to run commands, download a “fix,” or troubleshoot an error.
- Instructions to paste a command or code into an application on your computer.
- Weird pop‑ups on normally safe websites.
- Messages claiming your browser or session is broken.
How to help protect yourself from a ClickFix attack:
1. Never run commands from websites or emails.
- This includes instructions to use: Win + R; cmd.exe /c; PowerShell; mshta; or any copy-and-paste “fix.”
- If a website or email tells you to run a command, stop immediately. No legitimate website will ever ask you to fix a problem by running a command.
2. Close any webpage that asks you to:
- “Verify you are human” using anything other than a standard CAPTCHA such as a checkbox or typing characters from a distorted image.
- Run a program or “script.”
- Copy text into your system.
- Download a file unexpectedly.
- Give remote access or install tools.
- If something feels off — even on a trusted website — close the browser immediately.
The bottom line
With tech support scams, fraudsters use scare tactics and social engineering to trick victims into installing malicious software or giving up money, personal information or access to devices. Although these scams frequently target older adults, anyone can be a victim. Consider following the tips and best practices in this article to help stay safe from tech support scams.