Tech Support QR Code Scam: What It Is and What to Do

How the tech support QR code scam works

The scam follows a predictable three-step sequence attackers have refined over years of practice:

1. The alarming pop-up. A full-screen browser alert appears claiming your computer is infected, your Microsoft or Apple account has been compromised, or suspicious activity has been detected. It displays a phone number and urges you to call immediately.
2. The fake support call. You call the number. The person who answers sounds professional and uses technical language to confirm your "problem." They ask for remote access or tell you to scan a QR code to "run a diagnostic" or "verify your identity."
3. The QR code payload. The QR code either downloads a remote access tool — like AnyDesk or TeamViewer — giving the attacker full visibility and control of your device, or it opens a fake login page for Microsoft, Apple, or your bank to steal your credentials.

Once the attacker has remote access, they can browse your files, install malware, initiate bank transfers, and lock you out of your own computer — all while keeping you on the phone to prevent you from noticing.

This is a form of quishing — using a QR code to deliver a malicious destination that bypasses standard URL scanning and email filters.

The most important thing to know: Microsoft, Apple, Google, and virtually every major technology company will never initiate contact with you to inform you of a problem. If the contact came to you — through a pop-up, a cold call, or an unsolicited email — it is not real.

Warning signs to recognize before you scan

• Any unsolicited pop-up with a phone number. Legitimate security software doesn't display phone numbers in alerts. A full-screen browser warning with a call-in number is almost always a social engineering lure.
• Urgency and pressure. Scammers emphasize that you must act immediately or your data will be lost, your account locked, or your computer destroyed. Real support agents don't create panic.
• A QR code sent during a support call. Legitimate companies use official support portals, not QR codes emailed or texted to you mid-call. Any support agent who sends you a QR code to scan is not who they claim to be.
• Requests to install software. If the "support agent" asks you to install AnyDesk, TeamViewer, or similar tools through a QR code link, stop immediately. Remote access software gives an attacker complete control.

What to do if you scanned the code or installed software

Act immediately. The attacker may still be connected to your device.

1. Disconnect from the internet. Turn off Wi-Fi and unplug any ethernet cable. This cuts the attacker's remote connection if one is active.
2. Uninstall any remote access software. Check your installed programs for AnyDesk, TeamViewer, UltraViewer, or anything installed in the last few hours. Remove it immediately.
3. Run a full antivirus scan. Use Windows Defender (built into Windows) or a trusted security tool to scan your device for malware, keyloggers, or spyware that may have been installed.
4. Change your passwords from a different device. Start with your email account, then Microsoft or Apple account, then banking and financial services — all from a device that was not exposed.
5. Contact your bank. If any financial accounts were visible during the remote session or if payment information was entered, call your bank immediately to flag potential fraud and freeze the account if needed.
6. Report the scam. File a report at reportfraud.ftc.gov and, if the caller posed as Microsoft, at microsoft.com/reportascam.

For a complete recovery checklist after any suspicious QR code scan, see the recovery guide.

Frequently asked questions