How to Tell if That “Microsoft” Call Is Really a Scam - Integrity Technologies
Apply Now

How to Tell if That “Microsoft” Call Is Really a Scam

Summary:

  • Unsolicited tech support calls are scams. Hang up and do not share info.
  • Pop-ups or emails that tell you to call a number are red flags. Do not call them.
  • Set clear phone verification steps, train staff, and turn on multifactor authentication.

Introduction:
This guide focuses on phone and pop-up tech support scams that impersonate Microsoft. You will learn simple ways to spot the scam and steps your small business can take this week to block it.

Why it matters for small firms

Criminals use fake “Microsoft” calls to talk employees into granting remote access, paying fake fees, or moving money. Losses from internet crime reached more than $16 billion in 2024, according to the FBI’s Internet Crime Complaint Center (IC3). That total includes phone-based fraud and support scams that hit older adults and small businesses hard (FBI press release, April 23, 2025). (Federal Bureau of Investigation)

What attackers do and why it works

  • Cold calls that look local. Scammers spoof caller ID so it looks like a trusted company or nearby number. An unexpected support call about “viruses” is a scam. The FTC warns that these callers use technical jargon and pressure to make you act fast. (Consumer Advice)
  • Pop-ups with urgent phone numbers. Fake alerts claim your PC is infected and tell you to call immediately. The FTC says never call a number in a security pop-up and never move money to “protect it.” (Consumer Advice)
  • Remote access and payment tricks. Criminals try to install remote-control tools, then ask for gift cards or cryptocurrency, which are hard to recover. The FTC documents these tactics. (Consumer Advice)
  • Government or vendor name-dropping. Impersonation works because it borrows trust. CISA has warned about phone scammers posing as federal cyber staff and advises you to hang up and validate using a known number. (CISA)

How to fix it this week

  • Adopt a “no unsolicited support” rule. If anyone calls about a computer problem and you did not open a ticket, hang up. Tell staff to never share passwords or verification codes on such calls. The FTC recommends ending the call and blocking the number. (Consumer Advice)
  • Do not call numbers in pop-ups or emails. Close the tab, run your security scan, and contact your IT provider or software vendor using a number from their official website. The FTC says pop-ups that tell you to call tech support are scams. (Consumer Advice)
  • Create a phone verification workflow. Require employees to verify any support contact by: 1) ending the call, 2) locating the company’s public support number on its website, and 3) calling back. CISA guidance stresses not using contact info in the suspicious message. (CISA)
  • Limit remote access tools. Maintain an approved-tools list, restrict who can install them, and log every remote session. If a surprise call asks to install remote software, the answer is no. The FTC’s small-business guidance recommends controlling who logs in and what they can access. (Federal Trade Commission)
  • Turn on multifactor authentication (MFA). Enable MFA on email, admin accounts, and financial apps. CISA’s 2024 MFA tip sheet explains how MFA blocks account takeovers. (CISA)
  • Train your team. Hold a 20-minute briefing on tech support scams. Use NIST’s CSF 2.0 quick-start guides for small businesses to map training and response steps. (NIST)
  • Know where to report. If someone is targeted or you lose money, file with the FBI at IC3.gov and report to the FTC. These reports help stop call-center fraud. (IC3 Complaint Center)
  • Help affected employees recover. If anyone let a caller in, disconnect the device from the network, run a full malware scan, reset passwords, and call your bank or card issuer to dispute charges. The FBI outlines these immediate actions. (Federal Bureau of Investigation)

Costs, effort, and common pitfalls

  • Costs. Most fixes are process changes and free tools: staff training time, updating your phone verification script, turning on MFA, and tightening software install rights.
  • Effort. One hour to brief staff and roll out a call-back verification policy. Another hour to enable MFA for admins and finance.
  • Pitfalls to avoid.
    • Letting caller ID drive trust. Caller ID can be spoofed. Always verify by calling back on a published number. (CDC)
    • Calling numbers shown in pop-ups. Close the window instead and use your vendor’s official website. (Consumer Advice)
    • Paying with gift cards or crypto. The FTC says that payment demand is a scam signal. (Consumer Advice)

Compliance notes (if relevant)

  • FTC Safeguards Rule (GLBA). If your business is a covered “financial institution” under the Safeguards Rule, you must maintain a written information security program, designate a qualified individual, train staff, and implement access controls. A call-verification policy and MFA support those requirements. (Federal Trade Commission)
  • IRS Pub. 4557 for tax pros. Firms that prepare taxes must have a written data security plan and follow FTC Safeguards requirements. MFA, employee training, and incident procedures apply directly. (IRS)
  • NIST CSF 2.0. Use the small-business quick-start guides to align identify-protect-detect-respond-recover activities with your call-verification workflow. (NIST)

FAQs

Q1: Microsoft called and knew my name. Is it legit?
No. Scammers use public info and caller-ID spoofing. End the call, find the real support number on the vendor’s website, and call back. (Consumer Advice)

Q2: A screen said to call a number to fix a virus. What should I do?
Do not call. Close the tab, run your security scan, and contact your IT provider or the vendor using a number from the official site. The FTC says pop-ups that tell you to call are scams. (Consumer Advice)

Q3: Where should I report a tech support scam?
Report to the FBI at IC3.gov and to the FTC. If money moved, contact your bank or card issuer right away. (IC3 Complaint Center)

Call to action

Ready to test your team against support-call scams and set up a simple verification workflow and MFA across critical accounts? Book a short consultation to get a tailored staff script, a one-page policy, and quick configuration help this week.

Sources

  • FBI. “FBI Releases Annual Internet Crime Report.” April 23, 2025. (Federal Bureau of Investigation)
  • FTC. “New tech support scammers want your life savings.” March 7, 2024. (Consumer Advice)
  • FTC. “Tech Support Scams.” April 14, 2025. (Consumer Advice)
  • CISA. “Phone Scammers Impersonating CISA Employees.” June 12, 2024. (CISA)
  • CISA. “Secure Our World: MFA Tip Sheet.” September 2024. (CISA)
  • FTC. “Cybersecurity for Small Business.” October 2021. (Federal Trade Commission)
  • FTC. “FTC Safeguards Rule: What Your Business Needs to Know.” June 2021. (Federal Trade Commission)
  • IRS. “Safeguarding Taxpayer Data (Publication 4557).” July 2024. (IRS)
  • IRS. “Protect your clients; protect yourself.” September 16, 2025. (IRS)
  • NIST. “Quick Start Guides for Small Business (CSF 2.0).” July 17, 2024. (NIST)

Photo by Artem Podrez: https://www.pexels.com/photo/man-talking-on-the-phone-near-parked-car-4728888/