Windows Security Update Fee: Scam or Legitimate?

🛡️⚠️

Microsoft Official • FTC • FBI IC3 • Verified

The straight truth about who actually charges for Windows security updates, what the real fees are for specific situations, and exactly how to tell a Microsoft scam from a legitimate notification — verified from official Microsoft, FTC, and FBI sources.

💡 10 Key Things Every Windows User Needs to Know About Update Fees

If you have seen a message, email, pop-up, or phone call telling you that you need to pay a fee to receive a Windows security update — stop. In the vast majority of cases, that message is a scam designed to steal your money and, often, access to your personal accounts and computer. The FBI’s Internet Crime Complaint Center (IC3) recorded more than $800 million in tech support scam losses in a single recent year, and seniors are disproportionately targeted. At the same time, a small and specific category of legitimate Windows update fees does exist — but only in very defined situations that almost never involve a surprise message or phone call. This guide tells you exactly what is real, what is fraud, and what you should do if you have already clicked, called, or paid.

1
Does Microsoft ever charge for Windows security updates? For Windows 11 and currently-supported Windows 10 users: NO. Security updates are completely free. The only legitimate fee is the optional Windows 10 Extended Security Update (ESU) program, which costs consumers about $30 and is purchased voluntarily through official Microsoft channels only.
Microsoft’s official policy, confirmed on support.microsoft.com, is unambiguous: security updates for all supported Windows versions are free throughout their mainstream support lifecycle. Windows 11 users receive free security updates indefinitely. Windows 10 support ended October 14, 2025, but Microsoft created a voluntary paid ESU program (~$30 for consumers; $61 for businesses per device for Year 1) that anyone can optionally purchase through the official Microsoft Store or Windows Update settings. No legitimate Windows security update ever arrives via a pop-up, unsolicited email, phone call, or third-party website asking for payment. If you received one of those, it is a scam.
2
What is the single most important rule for identifying a fake “Windows update fee” message? Real Microsoft security alerts NEVER appear as browser pop-ups, NEVER include a phone number, and NEVER demand payment. If any of those three things are present, it is 100% a scam.
Microsoft’s official security guidance, published at support.microsoft.com, states this explicitly and repeatedly. Real Windows security notifications appear only inside the Windows Security app or in Settings → Windows Update. They contain calm, specific instructions about what patch is available. They never display in a web browser, never include a support phone number, never play audio alarms, never lock your screen with a warning, and never demand payment of any kind. If a message has any one of those characteristics, you can stop reading it and close your browser immediately — it is fraudulent, regardless of how official it looks.
3
I received an email saying my “Windows Defender subscription” is renewing for $299 or $399. Is that real? No. This is one of the most common tech support scams in circulation. Windows Defender is free and built into Windows. Microsoft has no $299 or $399 Defender subscription for home users.
This specific scam — an email claiming your “Windows Defender subscription” is auto-renewing for a large amount and providing a phone number to “cancel” — is one of the most reported tech scams in the United States. Windows Defender (now called Microsoft Defender) is built into all versions of Windows 10 and 11 at zero cost. There is no subscription plan, no renewal charge, and no $299, $349, or $399 fee of any kind for standard home users. Documented cases in the Microsoft Q&A forums show victims who called the number in the email and were then manipulated into granting remote access to their computer and revealing their bank account information. Do not call the number. Do not click any link. Forward the email to [email protected] and delete it immediately.
4
Are Windows 11 security updates free? How do I get them for free? Yes, completely free. Go to Settings → Windows Update and click “Check for updates.” That’s the only correct and official way to update. Never use any other method prompted by an email or website.
Windows 11 receives free security updates automatically through Windows Update on the second Tuesday of each month (known as “Patch Tuesday”). No purchase, subscription, or payment is ever required. The only correct path to update is through the operating system itself: open the Start menu, click Settings (the gear icon), select Windows Update, and click Check for updates. This process costs nothing and requires no credit card information. According to Microsoft’s official documentation, Windows 11 will continue receiving free security updates through its mainstream support lifecycle, which extends well into the 2030s depending on the version.
5
I still use Windows 10. Do I have to pay for security updates now? For home users: No. Microsoft offers Windows 10 Extended Security Updates free to consumers who enable cloud backup (Windows Backup in Settings). The free ESU covers security updates through October 13, 2026. A paid option (~$30) also exists for those who prefer not to use cloud backup.
Windows 10 mainstream support ended October 14, 2025. Microsoft created the Extended Security Update (ESU) program specifically to bridge the gap for consumers who cannot yet upgrade to Windows 11. For home users, Microsoft offers ESU at no cost by enabling Windows Backup with a Microsoft account — this is the free enrollment option. A one-time paid purchase of approximately $30 per device is available for those who prefer not to use cloud backup, purchasable through the official Microsoft Store. Per PCWorld and confirmed at microsoft.com/en-us/windows/extended-security-updates, this free ESU covers critical security patches through October 13, 2026. After that date, the consumer ESU program ends entirely and cannot be renewed.
6
A pop-up just appeared on my screen saying my computer is infected and I need to call a number immediately. What should I do? Do NOT call the number. Close your browser immediately (force-quit if needed). Do not click anything on the pop-up. If your browser is stuck, restart your computer. This is a browser hijack scam — your computer is almost certainly not infected unless you called and gave access.
This type of scam — described in detail by ExpressVPN’s security blog (January 2026) and Microsoft’s official scam protection page — works by exploiting browser notification permissions or loading a malicious web page that forces the browser to full-screen mode to simulate a system lockup. Common tactics include looping siren sounds, a robotic voice reading a warning, a fake “scan progress bar,” and text claiming your computer is transmitting viruses. None of this is real. Your computer is displaying a website, not experiencing a system error. The correct response: press Alt+F4 on Windows to close the browser window, or press Ctrl+Alt+Delete and use Task Manager to end the browser process. Do not call the phone number. Do not click anything. After closing, run Windows Defender (built-in, free) to confirm no actual malware is present.
7
I already called the number and let them access my computer. What do I do right now? Act immediately: (1) Disconnect from the internet, (2) Call your bank to freeze any accounts you accessed during the call, (3) Change all passwords from a different device, (4) Run a full Windows Defender scan, (5) Report to the FTC at ReportFraud.ftc.gov.
If you gave a scammer remote access to your computer, treat it as a full security breach. Per Microsoft’s official guidance at support.microsoft.com, take these steps in order without delay. First, physically disconnect from the internet (unplug the Ethernet cable or turn off Wi-Fi). Second, call your bank’s fraud line immediately — especially if you logged into any financial accounts while they had access. Banks can freeze transactions and issue new cards same-day. Third, from a separate phone or tablet, change your email password, Microsoft account password, and any banking logins. Fourth, run Windows Security → Virus & Threat Protection → Full Scan on the affected computer. Fifth, report the scam to the FTC at ReportFraud.ftc.gov and to Microsoft at microsoft.com/reportascam. Both submissions help authorities track these operations and potentially recover funds.
8
Is there any situation where a legitimate company can charge a fee related to Windows updates? Yes — but only in two narrow, clearly defined situations: (1) businesses purchasing the optional Windows 10 ESU through Microsoft volume licensing, and (2) IT service providers who charge their own labor fees to configure or deploy updates. Neither involves an unexpected message or phone call.
The Windows 10 ESU for businesses costs $61 per device for Year 1, doubling annually ($122 Year 2, $244 Year 3) through October 2028, purchased exclusively through Microsoft volume licensing or authorized Microsoft resellers. This is never solicited via pop-up, email, or phone call — it is a planned business purchase. The second category is IT service providers (your company’s IT department, a managed service provider, or an individual technician) who charge their own labor rate to set up and maintain Windows systems. They are billing for their time, not for the updates themselves. A technician legitimately charging $75/hour to configure Windows Update on your office computers is normal business practice. A stranger calling your home phone claiming to be “Microsoft” and charging a fee is always a scam.
9
How do I know if the Windows update I received is real? Real Windows updates arrive only through Settings → Windows Update inside your computer. Check the KB number (e.g., KB5074109) against Microsoft’s official update catalog at catalog.update.microsoft.com. Any update prompted by a browser or email is fake.
A February 2026 security alert from Next-Computers.com documented a major fake Windows update campaign using the “Trojan:JS/FakeUpdate (SocGholish)” malware, which displays convincing fake Windows update screens on legitimate but compromised websites. The key verification steps: open Settings → Windows Update → Update History and check the KB number of any recent update. Paste that KB number into Microsoft’s Update Catalog at catalog.update.microsoft.com to verify it is a genuine Microsoft release. Real updates never prompt you to open a Command Prompt (Win+R), paste scripts into your browser, download an .exe file from a non-Microsoft website, or call a phone number. If a website or email asks you to do any of those things in connection with an “update,” it is malicious.
10
Should I upgrade from Windows 10 to Windows 11 to avoid all of this confusion, and is the upgrade free? Yes, upgrading to Windows 11 is free for eligible Windows 10 computers and is the cleanest long-term solution. Check compatibility at microsoft.com/windows/windows-11-specifications. Most computers purchased after 2018 are eligible.
The Windows 11 upgrade is free for licensed Windows 10 users on eligible hardware, confirmed by Microsoft and independently verified by Microsoft Q&A staff. The upgrade is performed through Settings → Windows Update → where the Windows 11 upgrade option appears if your computer meets the requirements. The hardware requirement that disqualifies some older PCs is TPM 2.0 (a security chip); computers purchased before approximately 2017–2018 may not qualify. As TrustedTech’s November 2025 guide notes, upgrading to Windows 11 is free and delivers ongoing free security improvements, whereas sticking with Windows 10 + ESU incurs fees that increase annually and still ends with the need to upgrade. If your PC is not eligible, consider a new entry-level Windows 11 PC (commonly available for $300–$400) rather than paying escalating ESU fees for ageing hardware.

Sources: Microsoft Support protect-yourself-from-tech-support-scams (support.microsoft.com; real alerts never in browser; never include phone number; never payment demands; Microsoft never calls unsolicited; apply updates Settings>Windows Update; report reportascam); Microsoft.com/en-us/windows/extended-security-updates (Windows 10 ESU consumer ~$30 paid; free via Windows Backup; through Oct 13 2026; enroll via Settings>Update>Windows Update); Microsoft Learn ESU learn.microsoft.com/en-us/windows/whats-new/extended-security-updates (paid program; voluntary; min 1 license; Year 1 starts Nov 2025; cumulative purchase rule); PCWorld Feb 2026 (ESU free for private/home users through Oct 2026; businesses paid 3 years); TrustedTech Nov 24 2025 (Win 11 free upgrade; ESU ~$30 consumer; $61 enterprise Year 1; Win 10 + ESU vs. upgrade cost comparison; Oct 13 2026 consumer ESU ends); IT GOAT Apr 2025 ($61/device Year 1 businesses; $122 Year 2; $244 Year 3); Next-Computers Feb 9 2026 (Trojan:JS/FakeUpdate SocGholish campaign; KB5074109 real update confusion; fake update pop-ups from compromised sites; Settings>Windows Update only legitimate source); ExpressVPN Jan 15 2026 (Windows Defender Security Center scam; scareware tactics; looping sirens; browser hijack full-screen; fake scan bars; never phone number in real alerts; close browser Alt+F4; change passwords; run full scan; report FTC); Microsoft Q&A March 2026 (Windows Defender $399 scam documented; never call number; report [email protected]; remote access = security breach); Microsoft Q&A Mar 2026 learn.microsoft.com/en-ca/answers/questions/5817130 (Microsoft doesn’t send unsolicited billing emails with phone numbers; forward scam to microsoft.com/reportascam); FTC ReportFraud.ftc.gov (reportfraud.ftc.gov; consumer reporting portal); WindowsCentral May 2025 (Windows 11 updates free; Windows Server 2025 $1.50/core fee is server only; not Windows 11); Microsoft Q&A Oct 2026 consumer ESU ends / no renewal available

🏆 10 Real Situations — Scam or Legitimate? What to Do in Each Case

⚠️ How to Use This Section

Each card below describes a specific situation you may have encountered. Each is labeled as a SCAM, FREE, LEGITIMATE FEE, or OPTIONAL PAID. All information is verified from official Microsoft, FTC, and cybersecurity sources as of March 2026. When in doubt about any message on your computer, the safest action is always to close the browser or window and manually navigate to Settings → Windows Update yourself.

🚨 SCAM — Do Not Call. Do Not Pay. Close the Browser.

A Pop-Up Appeared Saying Your PC Has a Virus — Call This Number

🌐 Browser-Based Scareware • Tech Support Scam • Extremely Common

❌ SCAM — 100% Fraudulent

❌ Not from Microsoft — it is a website

❌ Real MS alerts NEVER appear in a browser

❌ Real MS alerts NEVER include phone numbers

❌ Real MS alerts NEVER play audio warnings

❌ Real MS alerts NEVER lock your screen

❌ Your computer is NOT infected by the pop-up alone

✅ Correct action: close browser (Alt+F4)

✅ Then run Windows Defender scan to confirm

This is the most common tech support scam in the United States. A malicious or compromised website forces your browser into full-screen mode and displays a convincing Windows error message with a phone number. Sirens may play. A robotic voice may read the warning aloud. A fake “scan” may appear to find hundreds of viruses. None of this reflects your computer’s actual state — it is a web page displaying graphics designed to frighten you into calling. Microsoft’s official guidance is unequivocal: real Windows error messages never include phone numbers, never appear in a browser, and never demand immediate payment. Calling the number is the danger — scammers will ask for remote access, which then allows them to steal data, install actual malware, or walk you through “paying for repairs” with gift cards or wire transfers.

🛡️ Right now: Press Alt + F4 to close the browser, or press Ctrl + Alt + Delete → Task Manager → End Task on your browser.
🔍 After closing: Start → Windows Security → Virus & Threat Protection → Quick Scan
🚨 If you already called: See Scenario 4 below immediately.

100% Scam Never Call the Number Close Browser Only Common Targeting: Seniors Alt+F4 to Close

🚨 SCAM — Windows Defender Has No $299 or $399 Subscription

Email: “Your Windows Defender Subscription Is Renewing for $399”

📧 Phishing Email • Fake Invoice • Impersonates Microsoft • Extremely Common

❌ SCAM — Microsoft Defender Is Free. No Such Subscription Exists.

❌ Windows Defender is FREE and built-in

❌ No $299, $349, or $399 home subscription

❌ Microsoft never emails unsolicited billing

❌ Microsoft billing emails have NO phone numbers

❌ Do NOT call the number in the email

❌ Do NOT click any link in the email

✅ Forward to [email protected]

✅ Mark as spam and delete

This scam arrives as an email — sometimes surprisingly professional-looking — claiming your “Windows Defender Protection Plan” or “Microsoft Security Subscription” is auto-renewing for a specific dollar amount. A phone number is prominently displayed to “cancel the charge.” Multiple documented cases in the Microsoft Q&A forums describe seniors who called, were convinced to allow remote access to their computer, and were then guided to log into their online bank account — giving the scammers everything they needed to drain accounts. Microsoft Defender (built into every Windows 10 and Windows 11 PC) has zero subscription fee for home users. Microsoft’s customer communications about actual account billing never include a phone number and never demand urgent action within a deadline. If the email is from a non-Microsoft domain or if it contains a phone number, it is fraudulent.

📧 Do NOT call the number. Do NOT click any link.
📤 Forward the email to: [email protected]
🌐 Report at: microsoft.com/reportascam
🗑️ Mark the email as junk/phishing in your email client and delete it.

Phishing Email Defender Is Free No $299/$399 Plan Never Call Number Forward to MS Phishing

🚨 SCAM — Microsoft Never Calls You Unsolicited. Ever.

Phone Call: “This Is Microsoft Support. Your Computer Is Sending Errors.”

📞 Unsolicited Phone Scam • Vishing • Impersonates Microsoft • Very Common

❌ SCAM — Microsoft Does Not Make Unsolicited Calls. Hang Up.

❌ Microsoft never calls consumers unsolicited

❌ Microsoft never detects errors on home PCs remotely

❌ Microsoft cannot see your computer errors from afar

❌ “Windows error logs” shown are fake and universal

❌ Never give remote access to an unsolicited caller

❌ Never buy gift cards for unsolicited tech support

✅ Correct action: hang up immediately

✅ Report to FTC at ReportFraud.ftc.gov

The phone-based tech support scam is one of the most consistently documented frauds targeting older adults in the United States. Callers claim to be from “Microsoft,” “Windows Support,” or “your internet provider” and state that they have detected errors or security problems on your computer. They often ask you to open Event Viewer on your Windows PC and look at “errors” — a feature that shows normal system log entries on every Windows computer, which scammers use to alarm you into believing there is a real problem. Microsoft’s official statement is absolute: “Microsoft does not send unsolicited email messages or make unsolicited phone calls to request personal or financial information, or to provide technical support. If you didn’t ask us to, we won’t call you.” Hang up the moment any unsolicited caller claims to be from Microsoft or Windows Support.

📞 Hang up immediately. No polite explanation required.
🚨 Report to the FTC at: ReportFraud.ftc.gov
📞 Report to the FBI Internet Crime Complaint Center at: ic3.gov
💡 Tell family members and neighbors — this scam targets seniors specifically.

Hang Up Immediately MS Never Calls Unsolicited Event Viewer Is Normal Report to FTC Tell Family Members

🚨 EMERGENCY — If You Already Gave Remote Access, Act Within the Hour

Already Called & Let Them In: Emergency Recovery Steps

🚨 Security Breach • Financial Risk • Act Immediately

⚠️ URGENT — Treat as a Full Security Breach

🚨 Step 1: Unplug internet cable or turn off Wi-Fi NOW

🚨 Step 2: Call your bank fraud line immediately

🚨 Step 3: Change all passwords from a different device

🚨 Step 4: Run full Windows Defender offline scan

🚨 Step 5: Report to FTC at ReportFraud.ftc.gov

🚨 Step 6: Report to Microsoft at microsoft.com/reportascam

🚨 Step 7: Consider factory reset if in doubt

✅ Banks can often reverse unauthorized charges if reported fast

If you allowed a scammer remote access to your computer or provided payment information, you must act immediately. Per Microsoft’s official victim guidance, the scammer may have installed software that allows them to return even after the call ended, logged passwords as you typed them, taken screenshots of sensitive documents, or made purchases using stored payment information. The time between the scam call and when you take defensive action is critical — every hour of delay is another hour of potential unauthorized access and financial transactions. Banks are experienced with these situations and can often reverse charges or freeze accounts same-day when you call immediately and explain what happened. Do not feel embarrassed; these scams are extremely sophisticated and target people of all ages and backgrounds.

📞 Bank fraud line: Call the number on the back of your credit/debit card
🌐 FTC Report: ReportFraud.ftc.gov • FBI IC3: ic3.gov
🌐 Microsoft report: microsoft.com/reportascam
📞 Elder Fraud Hotline (DOJ): 1-833-FRAUD-11 (1-833-372-8311)

Emergency Action Required Call Bank First Disconnect Internet Immediately Change All Passwords DOJ Elder Fraud Hotline

✅ FREE — Windows 11 Security Updates Cost Nothing

Notification Inside Windows Update: “Updates Are Available”

✅ Legitimate • Free • Appears Only in Settings → Windows Update

✅ FREE — Always Free for Windows 11 Users

✅ Appears in Settings → Windows Update only

✅ No payment, no credit card, no login required

✅ Releases every second Tuesday (“Patch Tuesday”)

✅ Can be set to install automatically overnight

✅ Never asks you to call a phone number

✅ Never appears in a web browser or email

✅ Verify KB number at catalog.update.microsoft.com

✅ Windows 11 mainstream support extends into the 2030s

This is the real thing. When Windows detects a security update is available, it shows a quiet notification in the system tray (bottom right of your screen) or in Settings → Windows Update. The notification is calm, contains no phone number, no alarm, and no payment request. Clicking “Download and install” begins the free update process, which typically takes 10–30 minutes and may require a restart. You can also set Windows 11 to automatically install updates overnight by enabling “Active Hours” in Windows Update settings so updates don’t interrupt your day. If you are uncertain whether a specific update is real, open Windows Update yourself by navigating through the Start menu to Settings → Windows Update rather than clicking any external notification.

💡 How to update correctly: Start Menu → Settings (gear icon) → Windows Update → Check for updates
🔐 Verify a KB number: catalog.update.microsoft.com
⏰ Enable automatic updates: Windows Update → Advanced Options → Automatic Updates: ON

Always Free In Settings Only No Phone / No Payment Monthly Patch Tuesday Verify at MS Catalog

✅ FREE (With One Step) — Windows 10 ESU for Home Users

Windows 10 Extended Security Updates — Consumer Free Option

✅ Microsoft Official Program • Free via Windows Backup • Through Oct 2026

✅ FREE for Home Users — Enable via Windows Backup in Settings

✅ Free for Windows 10 Home/Pro home users

✅ Enable via: Settings → Accounts → Windows Backup

✅ Requires sign-in with a Microsoft account

✅ Covers critical security patches only

✅ Covers through October 13, 2026

⚠️ No renewal after Oct 2026 for consumers

⚠️ Does NOT add new features or tech support

⚠️ Cannot be extended beyond Oct 2026 for home users

When Windows 10 mainstream support ended October 14, 2025, Microsoft created a free ESU enrollment path for home users who cannot yet upgrade to Windows 11. By enabling the Windows Backup feature while signed into a Microsoft account — a setting accessible in Settings → Accounts → Windows Backup — home users automatically enroll in the free ESU program and continue receiving critical security patches through October 13, 2026. This is a genuine, official Microsoft program. Per PCWorld’s February 2026 report, the free consumer ESU protects against malware and security threats for an additional year at no cost. After October 13, 2026, the consumer ESU ends permanently — there is no renewable extension for home users, and after that date, the right move is to upgrade to Windows 11 or purchase a new Windows 11 PC.

💡 Enable free ESU: Settings → Accounts → Windows Backup → Turn on → Sign in with Microsoft account
🌐 Official info: microsoft.com/en-us/windows/extended-security-updates
⚠️ Consumer ESU ends permanently October 13, 2026 — plan to upgrade.

Free for Home Users Enable Windows Backup Through Oct 2026 Only No Renewal After 2026 Official MS Program

💰 OPTIONAL PAID — ~$30 One-Time, Only If You Prefer Not to Use Cloud Backup

Windows 10 ESU — Consumer Paid Option (~$30)

💳 Optional One-Time Purchase • Official Microsoft Store Only • Not Required

💰 OPTIONAL PAID — Legitimate Fee, But Free Option Also Exists

💰 Cost: approximately $30 one-time per household

💰 Covers up to 10 devices with one license

✅ Purchased through Microsoft Store only

✅ Same security coverage as free ESU option

⚠️ Not needed if you use the free backup option

⚠️ Ends October 13, 2026 — no renewal for consumers

⚠️ Does not include tech support

✅ Cancellable before October 14, 2025 (program start)

For Windows 10 home users who prefer not to use the Windows Backup cloud feature required by the free ESU option, Microsoft offers a one-time paid purchase of approximately $30 that covers one license usable on up to 10 devices. This is a real, legitimate purchase available at the Microsoft Store — not a scam. One license covers security updates through October 13, 2026. It provides the exact same critical security patches as the free ESU path, just through a direct purchase instead of cloud backup enrollment. This fee is never solicited via email, pop-up, or phone call; it is a voluntary purchase that you initiate at store.microsoft.com or through Windows Update settings if your PC is eligible. If you are comfortable enabling cloud backup, the free option is functionally identical and saves the $30.

💳 Purchase only at: Microsoft Store (store.microsoft.com) or Settings → Windows Update
🌐 Official program details: microsoft.com/en-us/windows/extended-security-updates
💡 Consider upgrading to Windows 11 for free instead if your PC is eligible.

~$30 Optional MS Store Only Free Option Also Available Up to 10 Devices Ends Oct 2026

💰 LEGITIMATE BUSINESS FEE — $61/Device Year 1 for Organizations

Windows 10 ESU for Businesses — Volume Licensing

💼 Organizations Only • Volume Licensing • Not for Home Users

💰 LEGITIMATE PAID FEE — For Business Organizations Only

💰 Year 1 (Oct 2025–Oct 2026): $61/device

💰 Year 2 (Oct 2026–Oct 2027): $122/device

💰 Year 3 (Oct 2027–Oct 2028): $244/device

⚠️ Cumulative: joining Year 2 requires paying Year 1 too

✅ Purchased through Microsoft volume licensing

✅ Available up to 3 years (until Oct 2028)

⚠️ Security patches only — no new features or support

⚠️ Designed as a temporary migration bridge, not permanent

For organizations using Windows 10 on business computers, Microsoft offers a structured three-year ESU program through volume licensing. The cost is $61 per device for Year 1, doubling to $122 in Year 2 and $244 in Year 3, per Microsoft Q&A documentation confirmed March 2026. A critical rule: ESU licenses are cumulative, meaning a business that skips Year 1 and tries to enroll in Year 2 must pay for both years simultaneously. Microsoft designed this escalating price structure deliberately to encourage migration to Windows 11 rather than indefinitely delaying. For home users reading this: this business program does not apply to you. Your household Windows 10 PC uses the free or ~$30 consumer ESU options described in Scenarios 6 and 7, not the $61 business rate.

💼 For businesses: Purchase through Microsoft Volume Licensing Service Center (VLSC) or an authorized Microsoft reseller
🌐 Official documentation: learn.microsoft.com/en-us/windows/whats-new/extended-security-updates
💡 Home users: this is not your program. See Scenario 6 for the free consumer option.

$61 Year 1 Business Doubles Each Year Volume Licensing Only Not for Home Users Cumulative Pricing Rule

✅ FREE — Upgrade to Windows 11 at No Cost for Eligible PCs

Windows 11 Upgrade Prompt in Windows Update — Is This Charge Real?

✅ Free Official Upgrade • Never Pay for Windows 11 Upgrade on Eligible PC

✅ FREE — Windows 11 Upgrade Is Always Free for Eligible Windows 10 PCs

✅ Free for eligible Windows 10 PCs

✅ Offered through Settings → Windows Update

✅ Never requires payment or credit card

✅ Most PCs made after 2018 are eligible

⚠️ Requires TPM 2.0 chip (most post-2017 PCs have this)

⚠️ Check compatibility at microsoft.com/windows/windows-11

❌ Any message charging for Win 11 upgrade = SCAM

✅ After upgrade: free security updates ongoing

The upgrade from Windows 10 to Windows 11 is completely free for eligible computers and is confirmed as such in multiple official Microsoft communications and by independent sources including Microsoft Q&A staff and TrustedTech’s November 2025 guide. If a website, email, or pop-up claims you need to pay for a Windows 11 upgrade, that is categorically a scam. The real upgrade offer appears inside Windows Update in your computer settings, requires no payment information, and proceeds entirely through Microsoft’s built-in update process. The only legitimate cost is if your PC is too old to run Windows 11 and you need to purchase a new one — but the software upgrade itself for eligible devices is always free.

💡 Check eligibility: Settings → Windows Update → look for Windows 11 offer, or visit
🌐 Compatibility checker: microsoft.com/en-us/windows/windows-11-specifications
✅ Upgrade is free via Settings → Windows Update → “Upgrade to Windows 11”

Always Free In Windows Update Only Most 2018+ PCs Eligible Any Charge = Scam Check Compatibility First

🚨 SCAM — Third-Party Sites Selling “Windows Security Updates” Are Fraudulent

A Website Is Selling “Official Windows Security Updates” or “Premium Protection”

🌐 Third-Party Website Fraud • Fake Software • Subscription Trap

❌ SCAM — No Legitimate Third Party Sells Windows Security Updates

❌ Windows security updates are ONLY from Microsoft

❌ No third party can sell or deliver official MS patches

❌ “Premium security update” services don’t exist

❌ These sites often install fake antivirus or malware

❌ Monthly subscriptions may be extremely difficult to cancel

❌ Payment data may be harvested for identity theft

✅ Download updates ONLY from microsoft.com

✅ Report to FTC at ReportFraud.ftc.gov

Third-party websites claiming to sell “official Microsoft security updates,” “premium Windows protection plans,” or “critical security patches” are fraudulent without exception. Microsoft distributes all Windows updates exclusively through Windows Update (built into Windows), the Microsoft Update Catalog at catalog.update.microsoft.com, and the official Microsoft Download Center at microsoft.com/downloads. No authorized third party can sell, distribute, or deliver official Microsoft security patches. Sites that claim to do so are typically subscription traps that charge monthly fees for software that either does nothing useful, installs fake antivirus with additional scareware pop-ups, or worse, contains the very malware it claims to protect against. If you have already entered payment information on such a site, contact your credit card company immediately to dispute the charge and request a new card number.

🌐 Only legitimate update sources:
   — Inside Windows: Settings → Windows Update
   — Official catalog: catalog.update.microsoft.com
   — Official downloads: microsoft.com/downloads
🚨 Report fraud sites: ReportFraud.ftc.gov • microsoft.com/reportascam

Third-Party Sites = Scam MS Updates = Internal Only May Install Malware Call CC Company If Paid Report to FTC

Sources: Microsoft Support protect-yourself-from-tech-support-scams (real alerts never in browser; never phone numbers; never unsolicited calls; Microsoft never calls uninvited; apply via Settings>Windows Update; report microsoft.com/reportascam; report [email protected]); Microsoft Q&A documented Windows Defender $399 scam case (remote access granted; banking accessed; never call email number); ExpressVPN Jan 15 2026 (Windows Defender Security Center scam anatomy; scareware tactics; alt+F4 close; full scan after; change passwords; contact bank; enable 2FA); Next-Computers Feb 9 2026 (Trojan:JS/FakeUpdate SocGholish; compromised legitimate sites; fake Windows update screens; Settings>Windows Update only legitimate; never browser; never email; never Win+R scripts); Microsoft.com/en-us/windows/extended-security-updates (consumer ESU free via Windows Backup; ~$30 paid option; up to 10 devices; through Oct 13 2026; no renewal after; enroll Settings>Update&Security>Windows Update); PCWorld Feb 2026 (consumer ESU free; businesses paid 3 years; microsoft.com official only); TrustedTech Nov 24 2025 (Win 11 upgrade free for eligible Win 10 users; $30 consumer ESU; $61 business; Oct 13 2026 consumer ESU ends); Microsoft Q&A May 2026 consumer ESU no renewable extension; Microsoft Q&A March 2026 learn.microsoft.com/en-ca (Microsoft never sends unsolicited billing emails with phone numbers; report microsoft.com/reportascam); Microsoft Q&A business ESU $61/$122/$244 cumulative rule (learn.microsoft.com/en-us/answers/questions/5658037); DOJ Elder Fraud Hotline 1-833-FRAUD-11 (1-833-372-8311); FTC ReportFraud.ftc.gov; FBI IC3 ic3.gov; Microsoft Update Catalog catalog.update.microsoft.com; Microsoft Download Center microsoft.com/downloads

💸 The Tech Support Scam Crisis in Numbers

🚨 Annual Tech Scam Losses

$1.3B+

Total annual losses to tech support scams reported to the FBI’s Internet Crime Complaint Center (IC3). Adults over 60 account for the largest share of both complaints and financial losses. The real total is higher because the majority of victims do not report.

⚠️ Windows 10 End of Support

Oct 14, 2025

The date Windows 10 mainstream support ended. Free security updates stopped for users who did not enroll in the ESU program. Consumer ESU (free via Windows Backup, or ~$30) covers critical patches through October 13, 2026 — then the consumer program ends permanently.

✅ Windows 11 Update Cost

$0.00

The cost of Windows 11 security updates for all home users. Free, automatic, delivered through Settings → Windows Update monthly. No subscription, no credit card, no phone call. Any message claiming otherwise is a scam. Windows 11 mainstream support extends into the 2030s.

💰 Consumer Win 10 ESU Cost

~$30 or Free

The only legitimate fee associated with Windows security updates for home users — an optional one-time purchase at the Microsoft Store covering Windows 10 security patches through October 2026. A completely free alternative exists by enabling Windows Backup in Settings. Any other “update fee” is a scam.

🚨 The Three Tactics That Fool Even Tech-Savvy People

Tech support scammers have refined their methods over years of experience. These three specific tactics are designed to bypass your skepticism:

The Event Viewer trick. A phone scammer asks you to open Event Viewer (a real Windows tool) and shows you “errors.” Every Windows computer displays hundreds of yellow warning and red error entries in Event Viewer under normal operation — this is completely normal system logging. Scammers use these universal entries to “prove” your computer is infected. They are not evidence of anything wrong.
Legitimate-but-compromised websites. Fake update alerts do not only come from obviously suspicious websites. A February 2026 security alert documented the SocGholish malware campaign injecting fake Windows update screens onto legitimate, well-known websites. If a pop-up appears anywhere while browsing, the correct response is to close the browser — not to evaluate whether the website seems trustworthy.
Real KB number confusion. In January 2026, a legitimate Windows update (KB5074109) caused real system problems for some users. Scammers immediately began using this news to make fake “KB5074109 fix” pop-ups and emails seem credible. Always verify any KB number yourself at catalog.update.microsoft.com rather than trusting any external source.

Sources: FBI IC3 annual Internet Crime Report (tech support scams; $1.3B+ losses; adults 60+ largest share); Next-Computers Feb 9 2026 (SocGholish legitimate site injection; KB5074109 real update used in scam confusion; Settings>Windows Update only verification); Microsoft official documentation (Event Viewer normal entries; not evidence of infection); FTC consumer scam data; Microsoft.com Windows 10 ESU ~$30 one-time consumer paid option

📋 Quick Reference — Real Fees vs. Scams at a Glance

Use this table to quickly identify whether a message, email, or phone call about a “Windows security update fee” is legitimate or a scam. When uncertain, go directly to Settings → Windows Update — never through a link, pop-up, or phone instruction.

Situation	Real or Scam?	Cost	What to Do
Browser pop-up: “Call this number”	🚨 SCAM	—	Close browser. Alt+F4. Never call.
Email: “Defender renewing for $399”	🚨 SCAM	—	Delete. Forward to MS phishing email.
Phone: “This is Microsoft Support”	🚨 SCAM	—	Hang up immediately. Report FTC.
Windows 11 update in Settings	✅ REAL	FREE	Click “Download and install.”
Windows 11 upgrade in Settings	✅ REAL	FREE	Accept and follow the prompts.
Win 10 ESU via Windows Backup	✅ REAL	FREE	Enable in Settings → Accounts → Backup.
Win 10 ESU from Microsoft Store	✅ REAL	~$30 optional	Purchase only at store.microsoft.com.
Website selling “Windows updates”	🚨 SCAM	—	Close tab. Report to FTC.
Business Win 10 ESU (volume licensing)	✅ REAL	$61+/device/yr	Purchase through MS Volume Licensing only.
Email: “Pay $9.99/month for Win 11”	🚨 SCAM	—	Delete. Windows 11 updates are always free.
Microsoft Defender (antivirus)	✅ REAL	FREE	Already built into Windows. No action needed.
Pop-up: “Your PC is infected” in browser	🚨 SCAM	—	Close browser. Run Windows Security scan.

Sources: All items verified from official Microsoft sources (support.microsoft.com; microsoft.com/en-us/windows/extended-security-updates; learn.microsoft.com ESU documentation; Microsoft Q&A March 2026; store.microsoft.com) and independent security reporting (ExpressVPN Jan 2026; Next-Computers Feb 2026; PCWorld Feb 2026; TrustedTech Nov 2025). Updated March 2026.

❓ Windows Update Fee Questions Answered Plainly

💡 My Computer Shows a Message That It Is “Not Protected” — Is This Real?

It depends entirely on where that message appears. If it appears in Windows Security (the built-in app): open Start → Windows Security and look at the status. A genuine yellow or red status indicator there is a real notification — it might mean Windows Defender has been turned off, a scan is overdue, or a specific setting needs your attention. These issues are fixed inside that same app, at no cost. If the “not protected” message appeared in a web browser, email, or pop-up: this is a scam. Browsers cannot read your system’s security status — a website displaying this message is lying to you. Close the browser. If it appeared in the system tray (bottom-right corner) with a shield icon: that notification is from Windows Security itself and is legitimate — click the shield icon and follow the built-in instructions, which will cost nothing. The single rule that covers all cases: real Windows security status is visible at Start → Windows Security — nowhere else is authoritative.

💡 I Paid a Third-Party Company for a “Windows Security Update” Service. Can I Get My Money Back?

Potentially yes, and you should try immediately. Contact your credit card company or bank and explain that you were charged for a service that misrepresented itself — specifically, that a third party claimed to sell official Microsoft security updates, which is not a legitimate service. File a chargeback claim. Credit card companies handle these disputes regularly and often side with consumers in clear misrepresentation cases. Contact the company directly to cancel any subscription and request a refund; keep a written record of all communications. If the company is unresponsive or abusive, report them to the FTC at ReportFraud.ftc.gov and to your state Attorney General’s consumer protection office. If you also gave them remote access to your computer, treat it as a security breach and follow the recovery steps in Scenario 4. The sooner you dispute the charge, the better — most card issuers have a 60–120 day chargeback window from the transaction date.

💡 How Do I Set Windows to Update Automatically So I Never Have to Worry About This?

Windows Update can be set to download and install updates automatically — the safest and most convenient option for most users. To enable automatic updates on Windows 11: open the Start menu → Settings (gear icon) → Windows Update → Advanced options → make sure “Receive updates for other Microsoft products” is turned on and “Active Hours” are set to your typical waking hours so restarts happen overnight. On Windows 10: Start → Settings → Update & Security → Windows Update → Change active hours. With automatic updates on, your computer receives and installs security patches in the background without any action required from you. You will never receive a legitimate request to manually download an update from an email or website — all real updates arrive automatically through the operating system. If you receive any external message about an update, it is false.

💡 I Am a Senior on a Fixed Income. My Windows 10 PC Cannot Run Windows 11. What Are My Options?

You have several practical paths. Option 1: Enroll in the free Windows 10 ESU. Go to Settings → Accounts → Windows Backup, sign in with a free Microsoft account, and enable backup. This enrolls you in the free Extended Security Update program that covers critical security patches through October 13, 2026, at zero cost. Option 2: Purchase the optional ~$30 consumer ESU at the Microsoft Store if you prefer not to use cloud backup. Option 3: Switch to a Chromebook or refurbished PC. Basic Chromebooks are available new for $150–$200 and receive free security updates automatically for 8–10 years. Refurbished Windows 11 PCs are widely available for $150–$250 from certified sellers. Option 4: After October 2026, consider upgrading your browser and using cloud-based tools if purchasing a new device is not possible — Google Chrome and Mozilla Firefox receive their own independent security updates regardless of Windows version. Whatever you do, do not pay any unexpected fee to any company that contacted you about your Windows security — those are scams.

💡 Someone I Trust Told Me They Had to Pay for a Windows Security Update. Is It Possible They Are Right?

There is a small chance they encountered one of the two legitimate fee situations: the optional ~$30 consumer Windows 10 ESU purchased at the Microsoft Store, or business IT support fees from a managed service provider. More commonly, however, people who report paying for Windows security updates have been victimized by a tech support scam and either do not realize it yet or are embarrassed to frame it that way. The key question to ask them: How did they hear about the update? Where did they pay? If the answer involves a pop-up, an unsolicited email, a phone call, a third-party website, or payment via gift card, wire transfer, or any amount above $30 for a home user, the payment was fraudulent. If they paid at store.microsoft.com and are on Windows 10, the ~$30 charge is real and legitimate. Encourage them to check their credit card statement and call their bank if any unexpected ongoing charges appear — subscription traps from scam companies are common.

💡 What Are the Safest Habits to Protect Myself From These Scams Going Forward?

Five habits that cybersecurity professionals and consumer protection agencies consistently recommend, written specifically for straightforward practical use. One: never call a phone number from a pop-up or email. If you genuinely need Microsoft support, go to support.microsoft.com yourself by typing that address in your browser. Two: enable automatic Windows updates (Settings → Windows Update) so you never need to seek updates yourself. Three: share a simple rule with family members: “Microsoft never calls you, emails you a bill, or sends pop-ups asking for payment.” This one sentence covers the most common scams. Four: if your screen locks or a loud alarm plays in your browser, turn off your computer at the power button. You cannot damage your computer by turning it off this way. Restart it normally and the browser page will be gone. Five: report every attempt you see, even if you were not fooled. Reporting to ReportFraud.ftc.gov takes three minutes and helps law enforcement track and close scam operations. The FTC and FBI shut down multiple tech support scam rings each year based primarily on consumer reports.

Sources: Microsoft Support protect-yourself-from-tech-support-scams (support.microsoft.com; Windows Security is the only authoritative status location; system tray shield = legitimate; browser pop-up = never legitimate); Microsoft.com Windows 10 ESU (free via Windows Backup; ~$30 paid at store.microsoft.com; through Oct 2026); ExpressVPN Jan 15 2026 (change passwords; 2FA; review autofill; contact bank); FTC ReportFraud.ftc.gov (chargeback guidance; 60-120 day window; state AG referral); Cybersecurity and Infrastructure Security Agency CISA (automatic updates recommendation; safest user habit); Microsoft.com (support.microsoft.com as the only correct support entry point); DOJ Elder Fraud Hotline 1-833-FRAUD-11; FBI IC3 ic3.gov annual reporting; BudgetSeniors.com independent research March 2026 (Chromebook/refurbished PC pricing; practical options for fixed-income seniors)

📍 Report Scams & Get Trusted Help Near You

If you have been targeted by a scam or need in-person help with Windows updates, use these resources. All government reporting services are free. Tech help at public libraries is free and provided by trained volunteers.

Finding help resources near you…

✅ Five Things to Do Right Now to Protect Yourself

Step 1: Enable automatic Windows updates. Open Start → Settings → Windows Update and make sure updates are set to download and install automatically. Set your “Active Hours” to your waking hours so restarts happen overnight. Once this is on, you will never need to seek out updates yourself — and therefore, no message, email, or pop-up about needing to “update now” will ever be genuine.
Step 2: If you use Windows 10, enroll in the free ESU. Go to Settings → Accounts → Windows Backup, sign into a free Microsoft account, and turn on backup. This enrolls you in the Extended Security Update program and continues critical security patches through October 13, 2026 at no charge. After that date, plan to upgrade to Windows 11 (free for eligible PCs) or consider a new device.
Step 3: Memorize the one rule that stops all scams. “Microsoft never calls me, emails me a bill with a phone number, or shows update warnings in my browser.” Write it on a sticky note near your computer if helpful. This single sentence correctly identifies every variation of the tech support scam before you need to evaluate any details.
Step 4: Know exactly how to close a frozen browser. If a loud alarming pop-up freezes your browser: press Alt + F4 (Windows) to close the window. If that does not work, press Ctrl + Alt + Delete and use Task Manager to end the browser process. If all else fails, hold the power button on your computer for 5 seconds to turn it off. Restarting the computer removes the browser page completely. You have not done anything wrong by visiting the website, and your computer is not infected unless you called the number.
Step 5: Report every suspicious message, whether or not you fell for it. Go to ReportFraud.ftc.gov and file a report — it takes about three minutes. Every report strengthens law enforcement investigations. If you are over 60 and were defrauded, additionally call the DOJ Elder Fraud Hotline at 1-833-FRAUD-11 (1-833-372-8311), which has specialized agents for elder fraud recovery cases.

🚨 Three Common Misconceptions That Make Scams More Effective

“The message looked so official, it must be real.” Scam pop-ups, emails, and phone scripts are professionally designed to be indistinguishable from real Microsoft communications. Some replicate the exact visual design of Windows system alerts down to the font and icon. Visual authenticity is not evidence of legitimacy. The only evidence of legitimacy is where the message comes from: real Windows alerts come from inside the operating system (Settings → Windows Update), not from browsers, emails, or phone calls.
“They knew my name and computer model, so they must be from Microsoft.” Scammers purchase consumer data from data brokers that includes names, addresses, email addresses, and sometimes device information. This data is widely and cheaply available. Microsoft does not proactively contact consumers using this kind of data. Knowing your name is not proof of a legitimate Microsoft connection.
“I already paid, so there is nothing I can do.” This is false. Contact your bank or credit card company immediately to dispute the charge. Most card issuers will open a chargeback investigation within 24 hours and provisionally credit the amount while they investigate. The earlier you report, the better the recovery outcome. The FTC and DOJ Elder Fraud Hotline (1-833-372-8311) both have resources specifically for people who have already lost money to tech support scams.

© BudgetSeniors.com — This guide is independently researched and written. We are not affiliated with, compensated by, or endorsed by Microsoft, any government agency, or any technology company. All information is verified from official Microsoft documentation, FTC consumer guidance, and established cybersecurity sources as of March 2026. Technology policies change — always verify the latest information at official sources before acting. For legitimate Windows support, go to support.microsoft.com by typing that address in your browser. • FTC Fraud Reporting: ReportFraud.ftc.gov • FBI Internet Crimes: ic3.gov • DOJ Elder Fraud Hotline: 1-833-FRAUD-11 (1-833-372-8311) • Microsoft Report a Scam: microsoft.com/reportascam • AARP Fraud Helpline: 1-877-908-3360

Primary sources: Microsoft Support protect-yourself-from-tech-support-scams support.microsoft.com (real alerts never in browser; never phone number; never unsolicited calls; apply via Settings>Windows Update; report [email protected]; report microsoft.com/reportascam; change passwords; call bank; run scan after breach); Microsoft.com/en-us/windows/extended-security-updates (consumer ESU free via Windows Backup; ~$30 optional paid; up to 10 devices; enroll any time through Oct 13 2026; through Settings>Update&Security>Windows Update; no renewal after Oct 2026 for consumers; no features or tech support included); Microsoft Learn ESU learn.microsoft.com/en-us/windows/whats-new/extended-security-updates (paid program; voluntary; Year 1 starts Nov 2025; cumulative rule; volume licensing for businesses); Microsoft Q&A March 2026 learn.microsoft.com/en-ca/answers/questions/5817130 (MS never sends unsolicited billing emails with phone numbers; forward to microsoft.com/reportascam; azure.portal.com verify legitimate billing); Microsoft Q&A consumer ESU ends Oct 2026 no renewal (learn.microsoft.com/en-us/answers/questions/5585119; businesses can extend 3 years; consumers cannot renew after Oct 2026); Microsoft Q&A business ESU $61/$122/$244 cumulative (learn.microsoft.com/en-us/answers/questions/5658037; cloud managed ~$45 25% discount; Windows 365 exemption); PCWorld Feb 2026 pcworld.com (ESU free private users through Oct 2026; businesses paid 3 years; MS recommends Win 11 25H2); ExpressVPN Jan 15 2026 expressvpn.com/blog/windows-defender-security-center-scam (scareware anatomy; browser hijack full-screen; looping sirens; fake progress bars; remote access goal; change passwords; contact bank; 2FA; review autofill; close browser alt+F4; run offline scan; Settings>Privacy>Windows Security>Virus&Threat Protection); Next-Computers Feb 9 2026 next-computers.com (Trojan:JS/FakeUpdate SocGholish; fake update screens on legitimate sites; KB5074109 real update used in scam; fake update urgency deadlines; Settings>Windows Update only; never browser pop-ups; never Win+R commands); TrustedTech Nov 24 2025 trustedtechteam.com (Win 11 upgrade free eligible Win 10; ~$30 consumer ESU; $61 enterprise; Oct 13 2026 consumer end; Oct 2028 enterprise maximum; ESU temporary bridge); IT GOAT Apr 2025 itgoat.com ($61/device Year 1 businesses; escalating costs encourage migration); WindowsCentral May 2025 windowscentral.com (Windows 11 updates free; Windows Server 2025 $1.50/core is server only; not Windows 11; Sean Endicott reporting); Microsoft Q&A consumer Windows 10 monthly charge $9.99 scam documented (learn.microsoft.com/en-us/answers/questions/5579466; Windows 11 upgrade completely free for eligible; never monthly fee); FTC ReportFraud.ftc.gov (consumer fraud reporting; chargeback guidance); FBI IC3 ic3.gov ($1.3B+ tech support scam losses; adults 60+ largest share); DOJ Elder Fraud Hotline 1-833-FRAUD-11; AARP Fraud Helpline 1-877-908-3360; Microsoft Update Catalog catalog.update.microsoft.com; CISA automatic updates recommendation; BudgetSeniors.com independent research March 2026

Blog

Recommended Reads

Leave a Reply Cancel reply