← All Resources

Published · Cybersecurity · Threat Awareness

How to protect your business from tech-support and government-impersonation scams

Two of the fastest-growing scams in the FBI's 2025 Internet Crime Report are run out of illegal call centers: fake tech-support warnings and criminals posing as government agencies. Together they drove more than $2.9 billion in losses and over 80,000 complaints in 2025. They target your employees, your finances, and increasingly your business accounts. Here is how they work and how to stop them.

How these scams work

Both scams are designed to create panic and then offer the victim a way out that happens to involve handing over money or computer access.

Tech-support scams

The victim sees an alarming pop-up warning that their computer is infected, or receives a cold call from someone claiming to be from a well-known technology company. The "technician" offers to help, then asks for remote access to the computer. Once inside, they "find" fake problems, charge for fake fixes, install real malware, or steal data and credentials. In 2025, tech-support fraud rose to $2.1 billion in losses, up sharply from $1.46 billion the year before.

Government-impersonation scams

Here the caller claims to be from a government agency such as the IRS, the Social Security Administration, or law enforcement. The message is a threat: you owe back taxes, your identity has been used in a crime, or you will be arrested unless you pay immediately. In 2025, government-impersonation scams caused roughly $798 million in losses, nearly double the prior year. The FBI has even warned of criminals impersonating senior U.S. officials in messaging campaigns.

Both scams overwhelmingly demand payment in forms that are hard to trace and hard to reverse: gift cards, wire transfers, and cryptocurrency, sometimes through a cryptocurrency ATM. That demand is the single clearest sign that you are being scammed.

How to protect your team and your business

These scams target people, not systems, so the defenses are mostly about habits and clear rules. Share the five steps below with everyone on your team.

Step 1

Train staff on the red flags

The single best protection is a team that recognizes the pattern.

  • Unsolicited contact about a computer problem or an urgent debt is suspicious by default.
  • Pressure and threats (arrest, lawsuits, account suspension) are tactics, not facts.
  • Requests for remote access or payment from someone who called you should stop the conversation.

Step 2

Never grant remote access to an unsolicited caller

Remote access is how a tech-support scam turns into a real breach.

  • Only allow remote sessions you initiated with a provider you already trust, such as your own IT partner.
  • Never install software at the direction of an unexpected caller or pop-up.
  • If a pop-up locks your screen, close the browser or restart rather than calling the number it displays.

Step 3

Hang up and call back on an official number

Real organizations are happy to be called back. Scammers are not.

  • End the call and look up the official number yourself, from a statement, an official website, or the back of your card.
  • Do not use a number the caller, email, or pop-up provides.
  • Verify with your IT partner before acting on any technology warning.

Step 4

Know the payment red flags

The requested payment method is often the fastest way to unmask a scam.

  • Gift cards, wire transfers, and cryptocurrency are the scammer's favorites because they are hard to reverse.
  • No legitimate government agency will ever demand payment by gift card or threaten immediate arrest over the phone.
  • No legitimate tech company will call out of the blue to collect payment for fixing your computer.

Step 5

Lock down and report if you were caught

If an employee granted access or sent payment, act quickly.

  • Disconnect the affected device from the network and have it checked for malware.
  • Change passwords on any account that may be exposed, and review the account-compromise steps.
  • If money was sent, call your bank immediately to attempt a recall, and file a report with the FBI at ic3.gov regardless of the amount.

Common questions

Will Microsoft, Apple, or another tech company ever call me about a virus?

No. Legitimate technology companies do not make unsolicited calls about viruses on your computer, and they do not use pop-up warnings with a phone number to call. Any such contact is a scam. If you are concerned about your device, contact your IT provider directly using a number you already trust.

How do I know if a call from a government agency is real?

Real agencies do not threaten immediate arrest over the phone or demand payment in gift cards, wire transfers, or cryptocurrency. If you get such a call, hang up and contact the agency directly using a number from its official website. The pressure to act immediately is itself a warning sign.

An employee gave a scammer remote access. What now?

Disconnect that device from the network right away and have it inspected for malware before reconnecting it. Change passwords on any accounts that may have been exposed and enable multi-factor authentication. If any payment was made, call your bank immediately and file a report at ic3.gov. Then tell your IT partner so they can check for further compromise.

Why are these scams growing so fast?

They are run as organized operations out of illegal call centers, often overseas, that contact thousands of potential victims. The FBI and international partners made hundreds of arrests in 2025, but the volume remains high, which is why staff awareness is the most reliable defense.

Want your team trained to spot these scams?

Veldtech helps small businesses build the awareness and the technical controls that stop tech-support and impersonation fraud, backed by a trusted IT partner your staff can call to verify anything suspicious. We serve Sacramento, Citrus Heights, and Northern California.

Contact Veldtech