She held down the physical on her laptop for a full 10 seconds. The screen went black. Silence. The scam pop-up was gone.
The scam pop-up never returned. But Sarah’s confidence in handling it? That stayed forever.
She knew the cursor was trapped inside the browser window. On a Mac, she held Command + Q . On Windows, Ctrl + Shift + Esc to bring up Task Manager—but her mouse was fake-locked. So she tried Alt + F4 repeatedly. Nothing. Then she remembered: the nuclear option.
Her first instinct was to panic-call the number. But she stopped. She remembered a news segment about “tech support scams.” Breathe.
She turned Wi-Fi back on, downloaded Malwarebytes (free version) from a legitimate site, and ran a full scan. It found two adware extensions and one “browser hijacker”—the culprit that had redirected her from the client’s fake email.
From a different device (her phone), she changed her email, banking, and social media passwords. The scam pop-up hadn’t stolen anything yet, but the hijacker could have logged keystrokes.
By dinner, her computer was clean. The only lasting damage was a new rule: she never, ever called a number on a pop-up. Instead, she told her mom, her neighbor, and her book club: “If a screen screams at you, don’t scream back. Just kill the power, kill the internet, and kill the cache.”
She reopened her browser offline . It tried to restore the previous session. Don’t let it. She went into history (Ctrl+H) and selected “Clear browsing data” for all time—cookies, cache, site settings. That wiped any malicious script trying to auto-load.
