What To Do After a Remote-Access Tech-Support Scam
Steps to clean up and secure your device, accounts, and finances after a scammer gained remote access under the pretence of providing technical support.
Last reviewed: 1 June 2026
First 10 minutes
- Disconnect your device from the internet immediately (disable Wi-Fi and unplug ethernet)
- End any remote desktop session (close AnyDesk, TeamViewer, or similar tools) and uninstall the software
- Do not let the scammer reconnect even if they say it is necessary to 'finish the fix'
- Call your bank if you saw any banking sites opened during the session or entered any financial details
- Note down the name of the remote access software used and any reference or 'case' number given
First 24 hours
- Change passwords for email, banking, and any accounts accessed during the session — do this from a different, trusted device
- Report to your national cybercrime or fraud service with the software name and any contact details from the scammer
- Run a full antivirus and malware scan once the device is isolated; consider a full factory reset if banking was accessed
Contact your bank or payment provider
- Contact your bank immediately if banking was accessed, shown, or if you entered any financial credentials during the session
- Ask the bank to review the session period for any transfers, new payee additions, or settings changes
- Request a temporary transaction hold or enhanced authentication requirement on your account
Evidence to preserve
- Screenshots of the pop-up alert, error message, or fake website that initiated the scam
- The name and version of the remote access software installed
- Any reference numbers, phone numbers, or 'technician names' provided by the scammer
Secure your accounts and devices
- Uninstall all remote-access software installed during the scam
- Change passwords for every account from a clean device — not from the compromised one until it has been fully scanned
- Enable two-factor authentication on email and banking accounts
Report it
- Report to your national fraud/cybercrime service
- Report to the platform, bank, or provider involved
- Keep any reference numbers you're given
Remote-access tech-support scams begin with a frightening message — usually a fake virus alert or a pop-up claiming your computer has been hacked — and then a phone call where a 'technician' offers help. Once connected, scammers can install persistent malware, harvest saved passwords, open banking sessions, and set up ongoing access that continues after the call ends.
The most important step is a complete security review of the device. If banking was accessed or any credentials were visible, change those credentials from a different device first. A full factory reset is the safest option if you are unable to verify the device is clean. Many victims are re-targeted by the same group shortly after the first incident — be alert to any follow-up contact.
Frequently asked questions
The scammer said they had put a monitoring tool on my computer to protect it — what should I do?
Treat your computer as compromised. Uninstall all remote-access or monitoring software, run a full malware scan, and consider a factory reset. A factory reset is the only way to be certain no persistent access tools remain if you cannot confidently identify every installed program.
I paid the scammer by bank transfer before I realised — can I get it back?
Contact your bank immediately and explain it was a tech-support scam. Request a payment recall. In many jurisdictions, tech-support scam payments qualify under APP fraud reimbursement schemes. Speed significantly improves the chance of a successful recall.