What Happens When You Call a Fake Tech Support Number

Scam baiting — the practice of engaging scammers while documenting their methods — has produced an extraordinarily detailed picture of how fake tech support calls unfold. Whether the initial contact comes through a browser popup, a cold call, or a malicious advertisement, what follows is a rehearsed, professionalized fraud operation with distinct phases.

Understanding each phase is the best tool your elderly family members have for recognizing a scam while still in it — before any money changes hands.

Phase 1: Building Rapport (Minutes 1-5)

The call opens professionally. A pleasant-sounding agent gives a Western name, references the company they supposedly represent, and asks politely how they can help. The tone is calm, patient, and reassuring. If you called from a popup, they ask what you saw on screen. If they called you, they explain they detected issues "from Microsoft's servers."

During this phase, they collect your name and confirm your operating system. They ask about symptoms you may have noticed — slowness, unusual popups — to make the diagnosis feel tailored and real. The rapport-building is designed to establish the emotional foundation of a legitimate technical support relationship.

Phase 2: The Manufactured Diagnosis (Minutes 5-15)

This is the technical deception at the core of the scam. The agent directs the victim to open Windows built-in tools. The most common is Event Viewer, accessed by typing eventvwr.msc in the Start menu. Event Viewer displays a log of system events — and on every Windows computer, this log contains hundreds of "Warning" and "Error" entries.

These entries are completely normal. They document everything from applications failing to close cleanly to hardware driver updates. Scammers point to them as evidence of critical infections, malware, or hacker activity. To someone who has never seen Event Viewer before, it genuinely looks alarming.

They may also use the netstat command to display active network connections, claiming the IP addresses visible represent hackers currently connected to the machine. In reality, these are routine connections to update servers, CDNs, and legitimate services.

"The Event Viewer trick works because it looks genuinely alarming to someone who does not know what it means. There are always hundreds of red errors on every computer — it is completely normal. But to an untrained eye it looks like a computer on fire."

Phase 3: Remote Access (Minutes 15-20)

After establishing that the computer is in crisis, the scammer offers to fix it. They ask the victim to download a remote access tool — AnyDesk and TeamViewer are most common — and read them the connection code. Once inside, they have complete control.

With access, scammers typically:

• Move the mouse rapidly to simulate working
• Open Command Prompt and run commands that produce output without doing anything
• Navigate to the victim's bank website, claiming to check for unauthorized transactions
• Look at browser-saved passwords
• In some cases, install actual malware for future use

Phase 4: The Offer (Minutes 20-40)

With diagnosis complete, the scammer presents the bill: a protection plan ranging from $199 to $999 or more. If the victim hesitates, the pressure escalates. The hackers are stealing data right now. The computer will be permanently disabled within hours. Bank accounts are being accessed. The urgency is artificial but relentless.

Phase 5: Payment

Gift cards are preferred — Google Play, iTunes, Amazon. The scammer asks the victim to go to a store, purchase cards, and read the codes over the phone. Wire transfers and cryptocurrency ATMs are used for larger amounts. Once payment is made, money is laundered within minutes and recovery is essentially impossible.

What To Do If You Recognize This Pattern

The moment any step in this sequence feels familiar, hang up immediately and close any remote access software. If remote access is open and you cannot close it, disconnect from WiFi or unplug the ethernet cable.

If your parent has already gone through this and paid, see our guide on what to do if your parent already called a scam number. For prevention, read our breakdown of how to recognize a Microsoft tech support scam.