Did You Give a Scammer Remote Access To Your Computer?
Soraida Morales was confused when she got a bill for $399 for virus protection for her computer. She’d never signed up for the service, so she called the number in the email to reverse the charge [*].
But once she was on the phone, the technical support agent convinced her to give him remote access to her computer so that he could “fix” the charge for her. Soraida watched as the agent moved her mouse, downloaded apps, and entered code on her computer.
Then, he stole $3,000 from her.
Soraida was the victim of a remote access scam. In this type of scheme, fraudsters trick victims into downloading apps that give total control of their computer to the scammers. According to the FBI’s Internet Crime Complaint Center (IC3), tech support scammers cost victims over $18 billion in 2021 [*].
If you give a scammer remote access to your computer, you need to act quickly.
Here’s how to regain control of your computer, identify future remote access scams, and protect yourself from malicious hackers.
What Can Scammers Do With Remote Access to Your Computer?
Remote access scams occur when scammers pose as tech support agents or use other phishing attacks to dupe you into giving them remote access to your computer.
Often, they’ll start by impersonating a legitimate support agent from a tech company or retailer — such as Microsoft, Amazon, or the Best Buy Geek Squad. Then, they’ll either reach out to you via phone call, text, or email — or create fake websites and pop-ups that fool you into thinking your computer is infected with malware and only they can help you.
That sense of urgency and fear is what allows scammers to bypass your natural suspicions. They’ll tell you the only way to fix your computer is to allow them to install remote desktop access software which requires that they take over control of your computer.
But what happens next?
If a scammer gets into your computer remotely, they could:
- Crawl your hard drive for sensitive data, passwords, and photos. Scammers will quickly collect anything they can use to withdraw money from bank accounts, steal your identity, or extort you for money.
- Install invasive malware or spyware. Scammers can establish ongoing access to your computer without you even knowing it. They do this by installing add-ons or programs onto your computer that continually steal sensitive information or mask what they’re doing behind the scenes. So what you see on the screen isn’t what’s actually happening.
- Commit identity theft. With all the personal information that they find on your computer, scammers will have everything they need to steal your identity.
- Hold your information hostage. Hackers can download what’s called “ransomware” onto your computer. It locks all of your files unless you pay a ransom.
- Sell your information on the Dark Web. People who commit fraud and theft on the Internet often make use of the Dark Web. This hidden illegal marketplace is a hotspot for scammers and hackers who buy and sell ready-made packages of people’s personal information to fellow Internet criminals.
Did You Give Someone Access to Your Computer? Do This Now!
- Immediately disconnect your device from the internet
- Use a different device to update your passwords
- Use antivirus software to uncover malware on your device
- Remove suspicious apps, browser extensions, and add-ons
- Back up your computer
- Wipe your computer and restore to previous settings
- Update and secure your internet router
- Freeze your credit card and contact your financial institutions
- Consider signing up for identity theft protection
- Report the scam to the FTC and law enforcement agencies
- Thoroughly vet and verify any technical support services
If your device has been compromised by a scammer, here’s how to reverse the damage as soon as possible:
1. Immediately disconnect your device from the internet
Remote access scams depend on an internet connection in order to function properly. Removing the hacker’s access to your device is your first line of defense.
Here’s what to do:
- Click on the Wi-Fi icon in the upper-right corner of your computer screen, and toggle it to “off” to disconnect from the Internet. You can also do this in your device’s settings, usually under “network” or “Wi-Fi.”
- You can also shut off your computer entirely for even more protection. Some types of malware, once installed, can run even without an internet connection.
2. Use a different device to update your passwords
Scammers will look for sensitive information like passwords and account numbers. With access to just your email account, they can hack into your bank account, social media profiles, and other online accounts. Minimize the damage by creating new passwords and locking scammers out of your accounts.
Here’s what to do:
- Before you start, make sure you’re using a device that’s not compromised. For example, use a smartphone, tablet, or another computer that hackers don’t have access to.
- Log into all password-protected accounts, including email accounts and bank accounts, and change your passwords.
- Set up a password manager to help manage your passwords and make sure that you’re using unique and secure passphrases.
- Enable two-factor authentication (2FA) on your accounts to maximize your security. 2FA requires a special code whenever you log into an account, which hackers don’t have. For ultimate security, use an authenticator app rather than SMS for your 2FA codes.
3. Use antivirus software to uncover malware on your device
You’ll need help eliminating the harmful programs that fraudsters remotely install onto your device. This can’t be done manually. Instead, a trustworthy antivirus software program like Aura’s can identify, isolate, and neutralize malicious viruses.
Here’s what to do:
- If you haven’t invested in reliable antivirus software, now is the time. Install antivirus software, and run a full scan to detect any malware that has infected your device.
- Make sure you keep your antivirus software up to date and schedule regular scans. Most antivirus programs work in the background to keep your computer secure.
💡 Related: Have I Been Hacked? How To Recognize and Recover From a Hack →
4. Remove suspicious apps, browser extensions, and add-ons
Scammers use a combination of legitimate software, malware, and browser extensions to maintain remote control of your computer. Make sure you remove any apps, tools, or extensions that you don’t recognize.
Here’s what to do:
- Scan your Applications folder for any apps you don’t recognize. Be on the lookout for tools such as Remote Desktop, TeamViewer, AnyDesk, and RemotePC.
- Open your browser and find “Extensions,” usually under the main menu or under “Settings.” Remove any you don’t use, and verify that the ones you have come from reputable companies.
- You may also consider starting completely fresh by deleting and reinstalling your browser.
💡 Related: How Do Hackers Get Passwords? (And How To Stop Them) →
5. Back up your computer
Before you reset your device completely, make sure all your files and settings are safely copied onto an external hard drive or backed up onto the cloud.
Here’s what to do:
- If you have a Mac, you can use the Time Machine application to back up all your files automatically. This program is already built into your computer’s operating system.
- On a Windows computer (with Windows 10 and later), use the built-in Backup option under “Settings.” If you have an earlier version of Windows, there are several third-party options available.
- Use an external hard drive to store all your data in one place. As long as all your information fits and you don’t lose track of the physical drive, this is a practical option.
- If you require extra storage space, you’ll need to back up all your data onto the cloud. If you choose this option, make sure your cloud-based storage system is reliable and secure.
6. Wipe your computer and restore to previous settings
Once all your data is saved in a secure location, you can wipe your hard drive completely and do a system restore. This essentially puts your computer back into its default state (before it was hacked). This is the last step to cleaning up your device.
Here’s what to do:
- Find a detailed guide online that’s specific to your device. Make sure you’re following a trustworthy source (for example, this guide from Insider).
- Alternatively, use a guide directly from the manufacturer (like this guide from Microsoft).
7. Update and secure your internet router
The most sophisticated malware may be invasive enough to affect other devices in your household via your home internet connection. And in some cases, hackers will break into your home WiFi router to gain access to your devices. To prevent this, it’s a good idea to encrypt your home network.
Here’s what to do:
- Go into your router settings and ensure that it’s set to either WPA3 or WPA2. This is the default for most modern routers.
- If these options are not available on the settings menu, your router has inadequate security capabilities. Consider purchasing a new router so that your information stays as safe as possible.
- Change your router passwords (both the admin password and the WiFi password). This may require contacting customer support for the router manufacturer. Make sure you go to their official website directly to contact them.
- Avoid turning on router features like WPS, “remote management,” and UPnP. While these have the benefit of convenience, they ultimately weaken the security of your router.
💡 Related: How To Tell If Your Wi-Fi Has Been Hacked (And What To Do) →
8. Freeze your credit card and contact your financial institutions
Most hackers who initiate remote access scams are looking to steal your money or gain access to your bank account. Even if you haven’t seen any signs of financial fraud, you’ll want to preemptively cut off their access to your accounts as soon as possible.
Here’s what to do:
- Contact your bank(s) immediately and notify them that your account has been compromised.
- Check for unauthorized charges to your account and ask your bank to reverse them.
- If you believe the scammer has access to your personal data, consider setting up a fraud alert, credit lock, or credit freeze to prevent them from opening up new lines of credit in your name.
9. Consider signing up for an identity theft protection service
If hackers have remote access to your computer, they could have access to enough personal information to steal your identity. The risk of identity theft isn’t at the forefront of most people’s minds until their information has already been stolen. But identity fraud is much more prevalent — and debilitating — than you might think.
Here’s what to do:
- Sign up for an identity theft protection service like Aura. With Aura, you get fraud alerts up to 4x faster than the competition and $1 million in insurance coverage for eligible losses due to identity theft.
- Aura also bundles identity theft protection and credit monitoring with digital security software. Every Aura plan includes features like a password manager, virtual private network (VPN), antivirus software, and more.
10. Report the scam to the FTC and law enforcement agencies
Sharing your report about an internet scam will help authorities protect others. It will also provide the documentation you need to dispute fraudulent charges and claim an extended fraud alert.
Here’s what to do:
- File a report with the FBI’s Internet Crime Complaint Center (IC3).
- Report the scam to the Federal Trade Commission (FTC) at ReportFraud.FTC.gov.
- If the scammer has stolen your personal information, file an identity theft report at IdentityTheft.gov.
- If you know any details about the criminal that could help the police, contact your local law enforcement agencies and file a complaint.
11. Thoroughly vet and verify any technical support services
Prevention is the best protection. In the future, make sure you slow down and verify any technical support services before downloading software or giving anyone remote access to your computer.
Take your time, even if you’re worried about a virus. In many cases, there is no malware, and the threat itself is part of the scam.
Here’s what to do:
- Never click on a link or call a number listed on a notification offering to clean your device. Instead, use a trusted support service, like the manufacturer’s official number.
- Spend time researching before calling a tech service. Look for customer reviews on independent websites, and examine any service’s official website as well.
- Take advantage of valuable resources like the Better Business Bureau’s Scam Tracker. You can use their search function to verify whether or not a business or organization is legitimate or suspicious.
💡 Related: How To Tell If Someone Is Scamming You Online →
How Scammers Get Remote Access To Your Computer
Internet scams are much more sophisticated now than they were even a few years ago. To the average person, they’re not so obvious. To help you stay safe, here’s a list of the most common tactics used by scammers to gain access to your computer:
1. Fake bills or invoices
If you get an unexpected email (or text message) informing you that you owe a large amount of money, don’t trust it.
Emails that provide an online invoice link (rather than a PDF) are especially suspect. You can always double-check the validity of a bill by searching for the agency’s customer support line on your own and inquiring about the charge.
2. Tech support emails
Tech support scams are among the most common kinds of remote access scams. You’ll receive an email claiming that your device has been infected by a virus. The source of the notification will appear to be a well-known security company offering anti-malware services that will fix your problem.
💡 Related: How To Know If Your Email Has Been Hacked (And What To Do) →
3. Fraudulent auto-renew texts or emails for unwanted services
Chances are, you’ll recognize off the bat that you don’t remember signing up for the subscription in the first place. But the scammer is hoping you’ll follow a link or call the phone number provided anyway.
If you’re unsure whether it’s a legitimate charge, verify this information elsewhere, like through the company’s official hotline.
4. Pop-ups warning that your computer has been infected by a virus
Avoid clicking on any scare-mongering banners or pop-ups as you surf the web. These scams usually flash alarming warnings allegedly signaling that your device has been compromised. They’re usually harmless (unless you click on them), but close out the window immediately to be safe.
5. Suspicious text messages claiming to come from Amazon, Microsoft, or other well-known companies
Scammy messages rely on the credibility of a household name to make sure you don’t look too closely.
If you realize any communication is out of the ordinary, examine it for typos, misspellings, strange wording choices, and unprofessional requests or offers.
💡 Related: How To Identify a Fake Amazon Email →
6. Requiring remote access software immediately
Scammers nearly always ask you to install remote access software, like TeamViewer, LogMeIn, or AnyDesk — which gives them complete control over your computer. Legitimate services also use these tools, but be cautious of anyone who demands that you use them.
How To Protect Yourself Against Remote Access Scams
- Download reliable antivirus software and keep it up to date.
- Use a privacy-focused browser (such as Brave or Firefox) and install an ad-blocker to fight pop-ups.
- Consider activating your computer’s firewall capabilities via the privacy settings menu. This can help stop scammers from hacking your computer.
- Learn the warning signs of a tech support phishing email and stay vigilant.
- Regularly check your credit report and bank statements. Scammers are almost always after your financial accounts. Check for the warning signs of identity theft — such as strange charges on your bank statement or accounts you don’t recognize. An identity theft protection service like Aura can monitor your credit and statements for you and alert you to any signs of fraud.
- Only look for technical support from reputable providers. Companies like Microsoft and Apple offer complimentary tech support services with the purchase of their devices. Always contact them using their official platforms only.
- Never click on links in emails or text messages. If you think an account has been compromised, go directly to that site and log in.
- Block and report any scam emails that come into your inbox so that they can’t reach you again.
- Never give anyone remote control over your device unless it is someone you know personally and trust.
- Never pay for a service using gift cards — anyone who requests payment this way is a scammer.
Lastly, Consider signing up for identity theft protection. Aura’s top-rated identity theft protection monitors all of your most sensitive personal information, online accounts, and finances for signs of fraud. If a Snapchat scammer tries to access your accounts or finances, Aura can help you take action before it’s too late. Try Aura’s 14-day free trial for immediate protection while you’re most vulnerable.
💡 Related: Digital Security: How To Stay Safe Online in 2022 →
Looking for Support? Here Are Some Legitimate Tech Support Options
If you want professional help restoring your system after a security breach, there are many safe ways to get it.
For devices running Windows, contact official Microsoft support:
- Visit support.microsoft.com
- Businesses can call 1-877-696-7786
For a Mac, iPhone, or iPad, get in touch with Apple support:
- Visit support.apple.com
- Call (800) APL–CARE (800–275–2273)
Another trusted option is Best Buy Geek Squad. Their services include an array of security cleanup measures and support tools.
The Bottom Line: Don’t Give Scammers Access to Your Computer
If you’ve ever fallen for a remote access scam, you’ll develop a healthy dose of skepticism for unexpected messages that find you on the Internet.
But without the right protections, sophisticated scammers can still get to you. Give your personal information the best protection possible by investing in a comprehensive cybersecurity platform like Aura.
