Remote Access Scams via Phone Calls
Callers convince victims to install remote-access software, then use the connection to steal banking credentials and drain accounts.
Part of: Remote Access Scams
Last reviewed: 1 June 2026
Remote access scams begin with a phone call — from a fake tech-support agent, a supposed bank fraud team, or an impersonated government official — and end with the victim handing full control of their device to a criminal. The caller's instructions feel helpful and logical: download this app, allow the connection, while we check what is happening on your device.
Once access is granted, the criminal can view all open applications, read stored passwords, access internet banking, and transfer funds — all while keeping the victim talking on the phone to prevent them noticing what is happening on screen.
How this scam works on Phone calls
The caller typically instructs the victim to download a legitimate remote-access application (commonly used by real IT departments) from a search result or a URL the caller provides. Once installed and the connection code is shared, the attacker gains full visual and interactive control.
During the session, the caller may distract the victim with conversation or instructions while using the remote access to log into banking, initiate transfers, or harvest passwords. Some callers show a fake 'refund' arriving in the victim's bank account and then claim it was too much, instructing the victim to send back the 'excess' via bank transfer.
Common red flags
- Unsolicited caller asking you to download any remote-access or screen-sharing software
- Caller provides a URL or asks you to search for a specific app to install
- Request to share a connection code or access ID with the caller
- Instructions not to touch the keyboard or move the mouse while 'engineers work'
- Caller mentions a refund you were not expecting and asks you to send money back
- Caller becomes defensive or aggressive if you question why remote access is needed
How to protect yourself
- Never install remote-access software at the request of an unsolicited caller
- If you already gave access, disconnect the device from the internet immediately and restart it
- Change all passwords from a different, uncompromised device after any suspicious remote session
- Call your bank directly using the number on your card if the caller claimed to be from your bank
- Have remote-access applications reviewed and uninstalled by a trusted professional
How to report it
- Report to Action Fraud, the FTC, or your national fraud authority
- Notify your bank immediately if any financial accounts were visible during the session
- Report the software used to the developer's abuse team if the app was legitimate but misused
Frequently asked questions
I gave a caller remote access — what is the immediate priority?
Disconnect from the internet immediately by unplugging your router or disabling Wi-Fi. From a different device, change the passwords on your email, banking, and any accounts visible during the session. Then call your bank's fraud team and report the incident to your national fraud authority.