A caller pretends to be an employee of an IT company (typically Microsoft) and tells the victim that their computer is infected and needs to be restored. The caller claims that software needs to be installed to do this.
Scammers call random people, pretending to offer technical support. Their goal is to convince the victim to download software that gives the scammers access to their computer. They can only gain access once the program is installed – after that, they can control the system and carry out further actions. In most cases, they try to sell the victim a software licence or a service such as a system clean-up, and ask for credit card details. No legitimate software company will ever call you unexpectedly to fix a problem. If you receive such a call, hang up straight away.
- End such phone calls immediately.
- If you have been tricked into installing remote access software, uninstall it immediately and change all passwords that you use on the device affected.
- If you suspect an infection, have your computer examined immediately by a specialist. The safest option is to completely reinstall the entire system – but remember to back up all your personal data first.
- If you provided credit card details, contact your credit card company immediately to have the card blocked.
- Do not carry out banking transactions or make online purchases with your credit card on the affected computer until you are sure that it is free from malware.
- If you have suffered a financial loss, we recommend that you report it to the police. You can find your nearest police station on the Suisse ePolice website (available in German, French and Italian).
- Your report via the online form helps the NCSC identify trends. This makes it possible for the NCSC to raise public awareness in a targeted way.
- The NCSC cannot take any action against the phone number displayed in these cases. These numbers have been forged and belong to private individuals with no connection to the incident. Blocking the number would affect someone neither involved in nor aware of the incident.
Microsoft is taking action against this issue and has set up a dedicated page for reporting these types of incidents:
Last modification 09.10.2025