You’re sipping your morning coffee when a flashy pop-up blocks most of your screen. The big, bold letters tell you to call a number because your computer is “infected.” It’s the perfect tech support scam. You know that if you make the call, they’ll try to sell you tech support services – for a problem that doesn’t exist. So, you do nothing. But are your loved ones equally savvy?
Believe it or not, such scams are alive and well in 2025. So far, consumers have lost $1.3 billion to tech support scams. Unfortunately, most victims are seniors: people aged 60 or older have lost more money to these scams than any other age group.
If you’re wondering how tech support scams continue to thrive, we pull back the curtain on the tactics attackers are using today – and provide real insights on how to protect your loved ones. In the meantime, tell Grandma not to make that call!
Why some people almost always fall for tech support scams
The sly “trust triggers” scammers are using to exploit people you care about
In 2025, scammers are using a range of psychological tactics to make tech support scams more convincing than ever:
- Impersonation of trusted brands: Scammers frequently use the names of well-known brands like Microsoft, Amazon, Apple, or Geek Squad to create a sense of legitimacy and familiarity.
- Urgency and fear: Pop-up messages often warn of catastrophic consequences if you don’t take immediate action – such as loss of services, data, or money. This sense of urgency is designed to override critical thinking and encourage hasty decisions. But why is urgency such an effective trigger for many people? According to the 2024 State of the Heart global report, our “hurry culture” is to blame. It’s the #1 reason for the 5.54% decline in emotional intelligence across the world since 2019. Due to our hurry culture, stillness feels foreign. There’s a fear that slowing down is weakness or that it means missing out. As a result, people are less able to avoid repeating problematic behaviors (-5.98%), and they are less able to pause and assess decisions before acting (-2.97%).
- AI-powered tools blurring the line between fiction and reality: In 2025, scammers are using AI to generate hyper-realistic pop-up alerts (that are hard to close), deepfake voice calls, and cloaked landing pages that lead to scareware sites. These tactics are designed to generate anxiety and tap into the human instinct to avoid pain.
- Official sounding communications: Messages are crafted to mimic the tone, format, and technical language used in real tech support communications. Some scammers may even reference “company policy” and cite corporate data, invoking authority and expertise to gain the trust of victims.
The anatomy of a tech support scam: Inside the mind of a modern scammer
The two (2) tech support scams draining bank accounts right now – and what to do about it
Geek Squad tech scam. Have your loved ones ever felt a jolt of panic when they got a big, scary Geek Squad email invoice for hundreds of dollars they never authorized?
Here’s the ugly truth: Scammers are using AI to crank out official-looking invoices, complete with fake order numbers and the kind of urgent language that makes people’s hearts race and their palms sweat.
The scammers will even offer a helpful solution: “If you don’t recognize this transaction, get in touch with us within 24 hours.”
If your loved one makes the call, a con artist (trained to keep them on the line) will talk circles around them and try to convince them to hand over their bank info, credit card number, or even remote access to their computer.
Sometimes, the scammers will even helpfully “process” a refund and say they sent too much. They will then demand that your loved ones pay them back in gift cards or crypto.
What to do about it:
- Tell your loved ones not to click any links or download anything – that's the trap.
- Hover over the sender’s email address. If it’s anything than the official Geek Squad or Best Buy domain, it’s a scam. Look for random numbers/characters/symbols or misspellings.
- Tell your loved ones to open a new browser window and go directly to the official Best Buy/Geek Squad website to check their account status. Don’t trust email links or phone numbers.
- Forward the scam email to Best Buy directly – and report the scam to the Federal Trade Commission or Internet Crime Complaint Center.
- Be wary of unsolicited calls from scammers saying they’re affiliated with trusted brands like Best Buy, Geek Squad, or Microsoft. Never share payment details and passwords or grant remote access to devices.
- Trusted brands will never ask for payment in the form of gift cards or cryptocurrency.
Apple Pay text alert. Your loved ones may get a text out of nowhere that says: We’ve noticed a suspicious charge of $300 on your Apple Pay account. To maintain the security and privacy of your account, call Apple Support now at 1-888-XXX-XXXX.”
The text closely mimics official Apple notifications, using familiar formatting and language. It will even warn that photos, bank info, and credit cards are at risk – unless they call the number to cancel the charge. This is a slick, heartless scam designed to play on your loved one’s fears.
If they make the call, the fake Apple “technician” may reference a special case ID and attempt to extract their Apple ID number, password, and credit card number. They may even ask your loved one to install a desktop app such as LogMeIn, Zoho Assist, or AnyDesk.
Once installed, the scammer gains full control of your loved one’s device, which means they can “see” any passwords they type when accessing banking, ecommerce, or shopping sites.
What to do about it:
- Tell your loved ones never to call the number given or click on any links provided.
- Remind them to check their Apple account or call Apple Support directly.
- Encourage them to report the scam to Apple directly and to block the sender.
- Make sure they know Apple will never ask for their passwords or bank info via text.
The one list you pray you’ll never need: What to do IMMEDIATELY if your loved one has already shared sensitive info and granted remote access
First – and this is crucial – take a deep breath. Your loved one is likely feeling scared, embarrassed, and overwhelmed. Remind them not to panic, tell them mistakes happen, and assure them there’s a way forward.
If your loved one has already made direct contact with the scammer:
- Cut the cord NOW: Have your loved one disconnect the compromised device from the Internet instantly to stop any more transfers of data. It’s also important to stop all contact with the scammers.
- Revoke remote access: Uninstall any remote-access programs and run a security scan to identify (and remove) other suspicious processes.
- Change all passwords everywhere: This is critical if your loved one has already shared credit card details, Social Security numbers, and banking info. Follow CISA guidance and use LastPass to generate strong, random passwords. Make sure each password is at least 16 characters in length and consists of a random string of letters (capitals and lower case), numbers, and symbols.
- Store all passwords in an advanced password manager secured with military-grade AES-256 encryption and powerful MFA: LastPass, a 2025 G2 Grid Leader for Password Management and 2025 Platinum Business Titan award winner is a great choice. Your loved one can try a free 30-day trial of LastPass Premium here (no credit card or commitment required).
- Alert all financial institutions FAST: Call and explain the situation. Ask the banks to freeze or monitor affected accounts. If your loved one’s financial institution offers biometric MFA as an extra layer of protection, set it up.
- Implement a fraud alert and credit freeze at all three (3) credit bureaus: A fraud alert tells creditors to verify before extending credit in your loved one’s name. It’s generally active for one (1) year (after which time it must be renewed). Meanwhile, a credit freeze locks down your loved one’s credit report, which means scammers can’t open new lines of credit in their name. Unlike a fraud alert, a credit freeze never expires. If your loved one wants to get a loan, they’ll have to lift the freeze temporarily (and restore it once the loan officer checks their credit report). Here's how you can contact all three agencies to place a fraud alert or credit freeze.
- Report the scam: File a report with to the Federal Trade Commission, the Internet Crime Complaint Center, or your local police.
Tools and tricks scammers don’t want your loved ones to know exist
The AI granny that gives scammers a taste of their own medicine
Picture this: a chatty grandma who never loses her cool and can keep scammers on the phone for 40 minutes at a time. This would be AI Granny Daisy, an AI chatbot designed to sound just like your favorite grandma, complete with stories about her cat and knitting escapades.
Scammers think they’ve found an easy mark but instead, they’ll become tangled in Daisy’s endless conversational tangents. Every minute scammers spend with her is a minute they’re not targeting a real person – especially vulnerable seniors.
This one-army AI grandma can also give out fake payment and account details – outsmarting and frustrating scammers at every turn. Best of all, she gathers intelligence on the tactics scammers use, so the information can be shared with the public and law enforcement.
The free browser extension that blocks 90% of scam pop-ups
UBlock Origin is a free, easy-to-use extension your loved one can use to block unwanted pop-ups before they even appear on their computer screen.
Here’s the TLDR (too-long-didn't-read) version of what uBlock Origin can do:
First, uBlock Origin comes in two versions: full and lite.
|
|
uBlock Origin (full) |
uBlock Origin (lite) |
|
Blocks pop-up ads |
Yes |
Yes |
|
*Manifest V2 (MV2) compliant* |
Yes |
No |
|
*Manifest V3 (MV3) compliant* |
No |
Yes |
|
Blocks trackers (pieces of code that monitor online activity) |
Yes |
No |
|
Blocks YouTube ads |
Yes |
Yes |
|
Blacklists known scam sites |
Yes |
No |
|
Browser compatibility |
Best for Firefox, Edge, Opera, and Safari version 12 or older |
Best for Chrome |
*the extension manifest gives information about the extension’s capabilities*
Attention Chrome users: Google’s new on-device LLM blocks tech support scams – even before anyone knows about it
If your loved one uses Chrome, they’re in luck.
Google’s Chrome 137 (the latest version of Chrome, released in May 2025) uses the on-device Gemini Nano large language model (LLM) to scan every page your loved one visits in real-time.
While uBlock Origin Lite can act as a first line of defense, Chrome 137 can block brand-new tech support scams that haven’t even made it onto blacklists yet. If Chrome 137 determines a pop-up is a scam, your loved one will see a warning on their screen.
- Access passwords anywhere, anytime
- Generate unique, strong passwords
- Autofill and share with one click
- Backed by expert threat intelligence
The reverse lookup trick that instantly exposes a fake support number
The next time your loved one gets a suspicious call, tell them to do a reverse phone lookup. It’s the simplest, fastest way to decide if the call deserves their attention.
The most reputable reverse phone lookup services are Spokeo, TruthFinder, and BeenVerified. Try to avoid free reverse lookup sites - they often come with limitations such as outdated/incomplete information or weak privacy protections.
Your loved one can also simply Google the phone number. Often, they may find warnings and public complaints tied to the number. Doing a reverse lookup is an easy, effective first step to prevent becoming a victim.
And there you have it: As tech support scams rise to alarming levels, you can further protect your loved ones with LastPass. A LastPass Premium trial affords 30 days free with benefits such as:
- Automatic password generation, so your loved one can “create” strong passwords without actually having to do it
- Military-grade security, so your loved one’s accounts are safe from hackers
- Instant emergency access, so you can step in and help your loved one during a crisis
- Autofill on legitimate sites only, so your loved one avoids risky mistakes
- Real-time Dark Web Monitoring with breach alerts, so your loved one knows instantly when a password has been compromised
The bottom line: LastPass is the easiest, safest option for protecting your loved one’s accounts. The ROI for you? Less stress, less risk, and more time enjoying life with your loved one.
Subscribe for the latest from LastPass blog
By subscribing, you agree to receive marketing communications regarding industry news and research, educational resources, and LastPass products and services. The processing of your personal data in accordance with the LastPass Privacy Policy. You can unsubscribe from marketing communications at any time.
