Live Schedule Visit
Security by Jack Turner 4 min read

Scam Emails, Fake Warnings, and What to Actually Click: A Plain-English Guide

That popup says your computer has a virus. That email says your account is locked. Before you click anything — read this. A plain-English guide to spotting scams and staying safe online.

The email looks real. It has Apple’s logo, it says your iCloud account has been compromised, and there’s a big red button that says “Verify Your Identity Now.”

Your heart rate ticks up. You reach for the mouse.

Stop.

That email is almost certainly fake. And the moment you click that button, the real problem begins.

The best defense against scams isn’t software. It’s knowing what to look for.

A person looking skeptically at a suspicious email on their laptop

The Three Scams I See Every Week

1. The Fake Warning Popup

You’re browsing the web and suddenly a full-screen alert appears: “YOUR COMPUTER IS INFECTED. CALL MICROSOFT SUPPORT AT 1-800-XXX-XXXX IMMEDIATELY.”

It looks terrifying. It might even play an alarm sound or lock your browser so you can’t close the tab.

The truth: This is a webpage, not a virus. Microsoft will never show you a popup with a phone number. Apple won’t either. Neither will Google.

What to do: Force-close your browser. On Windows: Ctrl+Alt+Delete → Task Manager → End Task. On Mac: Command+Option+Escape → Force Quit. Then reopen your browser. Don’t call the number. Ever.

2. The “Account Locked” Email

You receive an email from “Apple,” “Amazon,” “Netflix,” or your bank saying your account has been suspended, your payment failed, or suspicious activity was detected. There’s a link to “fix” it.

How to spot it:

  • Hover over the sender’s email address — it’s usually something like apple-security-alert@gmail.com or support@amaz0n-verify.com. Not real.
  • Hover over the link without clicking — the URL goes somewhere strange, not apple.com or amazon.com.
  • The email uses urgency: “Act within 24 hours or your account will be permanently deleted.” Real companies don’t threaten you like this.

What to do: Don’t click the link. If you’re worried it might be real, open a new browser window, go directly to the company’s website by typing the address yourself, and check your account from there.

3. The Tech Support Call

Your phone rings. The caller says they’re from Microsoft, Apple, or your internet provider. They say they’ve detected a problem with your computer and need remote access to fix it.

The truth: No tech company monitors your personal computer. No one is watching your home network. This is a social engineering attack designed to get you to install remote access software so they can steal your data or hold your files for ransom.

What to do: Hang up. That’s it. Just hang up.

The Golden Rules

  1. No legitimate company will ever ask for your password in an email, text, or phone call. Not Apple, not your bank, not the IRS. Never.

  2. If it’s urgent, it’s probably fake. Real security alerts give you time and options. Scams create panic because panic makes you click without thinking.

  3. When in doubt, go direct. Close the email. Open your browser. Type the company’s real website address. Log in there. If there’s actually a problem, you’ll see it in your account dashboard.

  4. Never let a stranger remote into your computer. The only person who should have remote access to your machine is someone you called, someone you trust, and someone you hired for a specific job.

What If You Already Clicked?

Don’t feel bad — it happens to smart people every day. Here’s what to do:

If you entered your password on a fake site:

  • Change that password immediately on the real site.
  • If you use the same password elsewhere (you shouldn’t, but most people do), change it there too.
  • Enable two-factor authentication if the service offers it.

If you installed something or gave someone remote access:

  • Disconnect from the internet immediately (turn off WiFi or unplug ethernet).
  • Don’t use the computer until it’s been checked.
  • Call me. I’ll come assess the damage and clean up what’s needed.

If you gave someone your credit card:

  • Call your bank and freeze the card. Today. Not tomorrow.

How to Build Real Protection

The best protection isn’t the most expensive antivirus software — it’s simple habits:

  • Keep your operating system updated. Those update notifications are security patches.
  • Use a password manager so every account has a different, strong password.
  • Turn on two-factor authentication for email, banking, and anything important.
  • Back up your files regularly so ransomware can’t hold your data hostage.

I set all of this up during a standard house call. Takes about an hour, and you’ll be dramatically safer than 90% of people online.

Serving: Hanalei · Princeville · Kīlauea · Anini

Schedule a House Call → · Call (808) 647-2304