This is the full picture. Everything else this week — the email scams, the fake ads, the lookalike sites — funnels into this. The remote support scam is where they actually take your money, and they take a lot of it. The average loss per victim hit $14,000 last year, according to FTC numbers, and the people who get hit are disproportionately people who consider themselves careful.

I want to walk you through it the way it actually happens. The names and details are changed, but every step is real, and every step is happening to somebody, somewhere, right now.

9:47 a.m. — The pop-up

Margaret is reading a recipe blog. She's looking at a picture of a banana bread when her browser suddenly takes over the screen. A loud, repetitive beeping sound plays. A red banner across the top says: "WARNING — ZEUS VIRUS DETECTED. YOUR FINANCIAL INFORMATION IS COMPROMISED." Below it, a phone number: 1-855-XXX-XXXX. "Call Microsoft Support immediately. Do not turn off your computer."

She tries to close the tab. The page won't let her. She tries to close the browser — the page asks "Are you sure?" and won't release. The voice keeps repeating. The beeping is loud.

Her grandkids are coming over for dinner. Her bank app is on this computer. The page mentions her financial information. She picks up the phone.

This is the entire weapon. A single web page, designed to make her panic enough to dial.

9:51 a.m. — The call

A man with a soft, professional voice answers. "Microsoft Support, this is Brian, how can I help you?" Margaret reads him the warning on her screen, halfway in tears. Brian is calm and reassuring. "Ma'am, you did the right thing by calling us. This is a serious infection. Let's get this taken care of right now."

He asks for her name. He asks how long the warning has been on her screen. He empathizes — "I know this is scary, I see this every day." He has been at this for years. His tone is exactly the tone you want when you're scared.

He asks her to go to a website to "let our technicians take a look." The website is anydesk.com. Or sometimes teamviewer.com. Or ultraviewer.net. These are real, legitimate remote-access programs used by real IT departments. The scammers love them because they look professional and they're free.

She downloads it. She runs it. He reads her a number off the screen. She gives him the number. He's now connected.

9:58 a.m. — The fake diagnosis

Brian opens a black command prompt window. He types in commands. They're real commands — netstat, tree, dir— but their output, to anyone who doesn't know what they mean, looks alarming. Long lists of numbers. Foreign-sounding entries. He pauses on a line that mentions a Russian IP address (he typed it in himself) and reads it slowly. "Ma'am — this is a foreign hacker. They've been in your computer for sixteen days. They have access to all of your accounts. We need to act fast."

She believes him because she has no way not to believe him. The screen does say what he says it says. The black window with the green text feels like real computer work. He's been polite, helpful, calm.

He tells her she has a "lifetime tech support license" with Microsoft that she activated when she bought her computer. The license has been compromised, so she'll need to renew it to fix the problem. The cost is $499 for the basic plan or $999 for the comprehensive plan, which includes "removal of foreign access." He recommends the $999 because of the severity.

10:14 a.m. — The bank visit

Margaret says she'll need to check her bank account. Brian says — and this is the critical move — "Of course, ma'am. I'll connect you to our refund department to process the payment. While I have you here, would you like me to verify that your bank account hasn't been compromised? I can show you on the screen."

She agrees. He opens her browser, navigates to her bank's website, and asks her to log in. She does. He sees her balance. He sees her account number. He's now in her bank.

10:23 a.m. — The "accidental" overpayment

This is the point where the scam moves from a $999 mistake to a $14,000 catastrophe. Brian goes through the motions of "issuing a refund" or "processing a payment." He fakes typing the amount — and then says, "Oh no. Oh no, ma'am. I'm so sorry, I made a typo. I sent you $9,990 instead of $999. My manager is going to fire me."

He shows her a screen — actually just a fake page he loaded — that appears to show $9,990 deposited in her account. (He may have actually moved money from her savings to her checking, so the balance does in fact show a big jump.) "Please, ma'am, you have to send the difference back. I have a family. If my manager finds out, I'll lose my job."

She wants to help. He's been so nice. She says yes.

10:41 a.m. — The gift card detour

Real refunds don't work this way, but Margaret doesn't know that. Brian says the only way to send the money back fast enough to save his job is to buy gift cards — Apple gift cards, specifically. He instructs her to drive to the nearest CVS or Target and buy $9,000 worth of $500 Apple gift cards. He stays on the phone the whole time. He coaches her through what to say if the cashier asks why she's buying so many ("My grandkids' birthdays").

This is the script. Every remote support scam ends in some version of this — gift cards, wire transfers, cryptocurrency, sometimes physical cash mailed in an envelope. They use methods that are fast, hard to trace, and irreversible.

11:38 a.m. — The intervention

Margaret's daughter walks into the kitchen, sees the laptop with the AnyDesk window open, sees her mother crying with her car keys in her hand, and asks what's happening. Her mother explains, half-coherently, about the virus, the kind man named Brian, his manager, the job. The daughter takes the phone.

"Hello? Who is this?"

Click.

That click is the most important sound in the scam. Once you take the phone away from the panicked person, the scam ends instantly. The scammer doesn't try to convince the daughter. There's no follow-up. They've moved to the next number on the list.

What was actually wrong with Margaret's computer

Nothing. The pop-up was a single web page. Closing the browser — the right way, by force-quitting — would have ended the entire incident at minute one.

There was no Zeus virus. There was no Russian hacker. The black window with the alarming text was Brian typing commands meant to look scary. The "lifetime tech support license" doesn't exist. The "refund department" doesn't exist. Microsoft has no idea any of this happened, and never would.

What it cost in the end

Margaret had been about to spend $9,000 in gift cards. Her daughter stopped her in time, but during the AnyDesk session, the scammer had taken screenshots of her bank account, password manager, and email. Over the next three weeks, fraud attempts hit her credit card, two of her email accounts were locked out, and she had to put a credit freeze on her file.

Even without the gift cards, the cleanup cost her about $400 in shop time, $200 in identity protection services, and weeks of stress. The "good" outcome of this scam still costs the victim hundreds of dollars and months of paranoia.

How to break the scam at every step

Before the pop-up: keep your browser updated, use a free ad blocker like uBlock Origin, and don't click on sponsored search results.

When the pop-up appears: don't read it carefully. Don't try to close it the polite way. Force-quit the browser. On Windows, Ctrl+Shift+Esc opens Task Manager — find the browser, click End Task. On Mac, Cmd+Option+Esc opens Force Quit, select the browser, click Force Quit. If that doesn't work, press and hold the power button on your computer to shut it off.

If you've already called: hang up. They have your phone number now and will call back. Don't answer.

If you've already let them remote in: turn off your computer immediately by holding the power button. Bring it to a real technician before turning it back on. Change every password from a different device.

If you've already paid: call your bank within the first hour. Call the gift card issuer if you used gift cards. File a report at ic3.gov. Don't keep talking to the scammer hoping for a refund — they will never refund you, and continued contact only puts more of your information in their hands.

The takeaway

This scam is theater from start to finish. There is no virus. There is no refund. There is no Brian. The whole performance is engineered to keep you panicked and busy, so you don't stop to ask the one question that breaks it: would the real Microsoft really need me to drive to CVS and buy gift cards?

Tomorrow's post covers the rescue mission: what to do, in what order, if you've already let a "tech" into your computer. And Friday's newsletter delivers the printable Real Support Numbers cheat sheet to every subscriber.

If someone you love is the kind of person who'd answer a pop-up like Margaret did, forward them this post today. The single best protection against this scam is a friend who's read the script before.