Fake Microsoft / Apple / McAfee tech support scam
Fraudulent email impersonating Microsoft, Apple, Windows Defender, McAfee, Norton, or Avast. It claims that a virus, malware, or security threat has been detected on the recipient's computer, or that a security license has expired, and directs the recipient to call a toll-free support number, contact a technician, or not shut down the device. This is a high-volume phone-based fraud that leads to remote access scams and fake repair charges.
fake-microsoft-apple-tech-support-scam
What this tier means
High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.
How Gorganizer detects this
Fraudulent emails impersonating Microsoft, Apple, Windows Defender, McAfee, Norton, or Avast — claiming a virus, malware, or security breach has been detected on the recipient's computer, that a security license has expired, or that the device has been compromised — then directing them to call a toll-free support number, contact a technician, or avoid shutting down the device. This is the email delivery vector for the broader tech support scam ecosystem, which typically escalates to a phone call where scammers request remote access and charge for fake repairs.
Key facts:
(1) Tech support scams cost Americans $924M in 2023 (FTC Consumer Sentinel 2024); the median individual loss was $500, with older adults disproportionately targeted.
(2) Microsoft is the most impersonated tech brand in support scams by volume — the company receives hundreds of thousands of annual reports; the "Microsoft Security Alert" and "Windows Defender" variants are the highest-volume email lures.
(3) The scam's three-stage structure: (a) email/popup lure creates urgency (virus detected, license expired); (b) call to fake support line — scammer spends 20–60 min establishing trust; (c) request for remote access (TeamViewer, AnyDesk) to "fix" the fake problem while actually stealing data or installing malware.
(4) Legitimate Microsoft, Apple, and security software companies never proactively email users with virus alerts, demand phone calls, or instruct users not to shut down their devices.
Warning signs: impersonated tech brand + virus/malware alert, call toll-free number CTA, do-not-shut-down instruction, files-at-risk threat.
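The warning signs listed above can be combined into a single content check, shown here as an added example that is not Gorganizer's own code. The regular expressions, the `tech_support_lure` function, the rule "brand + alert + at least one pressure tactic", and the three sample emails are all assumptions constructed for illustration.

```python
import re

# Assumed patterns for the warning signs named above; not Gorganizer's rules.
BRANDS = re.compile(r"\b(microsoft|apple|windows defender|mcafee|norton|avast)\b", re.I)
TOLL_FREE = r"(?:\+?1[\s.-]?)?\(?8(?:00|33|44|55|66|77|88)\)?[\s.-]?\d{3}[\s.-]?\d{4}"
SIGNS = {
    "threat_alert": re.compile(
        r"\b(?:virus|malware|trojan|spyware|security (?:threat|breach))\b.{0,60}\b(?:detected|found)\b"
        r"|\blicen[sc]e\b.{0,40}\bexpired\b", re.I | re.S),
    "call_cta": re.compile(r"\b(?:call|dial|contact)\b.{0,80}?" + TOLL_FREE, re.I | re.S),
    "no_shutdown": re.compile(r"\bdo(?:n't| not)\s+(?:shut ?down|turn off|restart)\b", re.I),
    "files_at_risk": re.compile(
        r"\b(?:files|data|photos)\b.{0,40}\b(?:at risk|will be (?:lost|deleted))\b", re.I | re.S),
}

def tech_support_lure(subject, body):
    """Return the matched warning signs and whether the combined signal fires."""
    text = f"{subject}\n{body}"
    brand = BRANDS.search(text)
    matched = sorted(name for name, rx in SIGNS.items() if rx.search(text))
    pressure = [m for m in matched if m != "threat_alert"]
    # Fire only on convergence: brand + alert + at least one pressure tactic.
    fired = bool(brand) and "threat_alert" in matched and bool(pressure)
    return {"brand": brand.group(0).lower() if brand else None,
            "matched": matched, "fired": fired}

# Constructed sample emails (subject, body).
SCAM = ("Microsoft Security Alert: Virus detected on your computer",
        "Windows Defender has detected a Trojan on your PC. Your files are at risk. "
        "Do not shut down your computer. Call our toll-free support line at "
        "1-888-555-0142 immediately.")
NEWSLETTER = ("Microsoft Patch Tuesday roundup",
              "Researchers say malware was detected in the wild before the fix shipped. "
              "Contact your IT team for rollout timing.")
RECEIPT = ("Your McAfee subscription receipt",
           "Thank you for renewing. Your license is active until next year.")

if __name__ == "__main__":
    for name, mail in (("scam", SCAM), ("newsletter", NEWSLETTER), ("receipt", RECEIPT)):
        print(name, tech_support_lure(*mail))
```

The newsletter sample matches a brand and a threat phrase but has no call-to-action or pressure tactic, so the check stays silent on it; that is the case where a brand-plus-keyword rule alone would misfire.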
False-positive guard
Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.
About the scoring engine
Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.
Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
Ready to clean your inbox?
Gorganizer scans your Gmail with this signal and 1,800+ others, then cleans everything in one click. $4.99 one-time, no subscription.