FakeOrLegitCheck now

Fake Router Vulnerability Call Scam

If you received a phone call that looks like a call about a vulnerability in your home router that needs immediate fixing, you are looking at one of the most repeated scam patterns of the year. These messages succeed because they impersonate something familiar and pile on urgency, pushing you to get remote access to your router and home network before you have time to verify with the real source.

Legitimate businesses and government agencies do not push action through unverifiable channels. If you cannot independently confirm the source by going to the official site or app yourself, treat the request as suspicious.

Below we walk through the warning signs you can check yourself, the exact steps to take if you have already engaged, and the most common follow-up questions we see in our checker.

Warning signs

  • The caller demands an immediate action and refuses to let you hang up and call back through an official number.
  • The caller asks for payment in gift cards, wire transfer, cryptocurrency, or by reading a verification code. No real institution requests payment this way.
  • Urgency or fear language pushes a deadline within 24 hours. Real organizations almost never time-bomb account actions that fast.
  • There is a request for payment, login credentials, a verification code, or sensitive identifiers (SSN, full DOB, full card number). None of these are ever needed to resolve a legitimate notice.
  • Spelling, grammar, or formatting is slightly off in places a real brand would catch. Scammers iterate but rarely match design systems exactly.
  • The wording matches scam reports posted on Reddit's r/scams or in recent local-news headlines. A quick search of the exact phrase is one of the fastest checks you can do.

What to do

  • Hang up. If you want to verify, look up the real number from the official site yourself and call back.
  • Never read back any verification code or one-time passcode to anyone who calls you.
  • Run any link from the message through FakeOrLegit. The checker matches the URL against our heuristics and brand-impersonation database.
  • If you already entered credentials, change the password and turn on two-factor authentication immediately. Sign out of all other sessions.
  • If you already paid by credit card, dispute the charge with your bank within 60 days. Speed matters, earlier disputes win more often.
  • Report to the FTC at reportfraud.ftc.gov. If you lost money, also file a local police report so an official case number exists.

FAQ

Will a real organization ever contact me this way?
Legitimate organizations may send notifications, but they will never ask for credentials, codes, or urgent payment by phone call. Always verify by contacting the organization through a number or address you find on their official site.
What if I already clicked the link or answered the call?
Clicking alone usually does not compromise you - the risk is in what you entered after. If you typed credentials, change that password and any password you reuse, and enable two-factor authentication everywhere. If you read out a verification code, contact the underlying service immediately to lock the account.
Will reporting actually do anything?
Yes, in aggregate. Carriers, the FTC, and the brands you forward to use volume-based detection - your one report joins thousands of others and shortens the lifespan of that specific campaign. It is one of the cheapest civic acts available.
Is FakeOrLegit affiliated with the brand mentioned here?
No. FakeOrLegit is an independent scam-risk analysis tool operated by Aura Bionics Inc. (Ontario, Canada). We are not affiliated with any brand, carrier, bank, or government agency referenced on this site.
Does FakeOrLegit save the message text?
No. We hash submitted messages with SHA-256 for de-duplication and never store the raw text. URL checks store the hostname and the risk report; message checks store only the hash and the report.

Run a check now

If a specific link or message triggered this guide, paste it for an instant risk report.

Check a websiteCheck a message

Related guides

Tech support scam

Fake Microsoft Tech Support Pop-Up

Browser pop-ups claiming your computer is infected and to call Microsoft are scams. Here is how to dismiss safely.

Read guide →
Tech support scam

Fake Apple Tech Support Pop-Up

Fake Apple support pop-ups target Safari users with fake virus warnings. Here is what to know.

Read guide →
Tech support scam

Fake Norton Antivirus Renewal Invoice

Fake Norton or McAfee renewal invoices include a scam customer-service number. Here is what is real.

Read guide →
Tech support scam

Fake McAfee Renewal Invoice

Fake McAfee renewal emails follow the same playbook as Norton. Here is the pattern.

Read guide →
Tech support scam

Fake Google Chrome Virus Pop-Up

Chrome pop-ups claiming a virus or that Chrome needs updating from a third-party site are scams. Here is how to recognize.

Read guide →

Disclaimer

FakeOrLegit provides automated risk signals based on publicly observable patterns. We do not guarantee that any site, email, or message is safe or unsafe. Always use your own judgment, and contact the real institution directly to verify any request before sharing personal or payment information.