Remote Access Scams
Any scam that persuades you to install screen-sharing or remote-control software to seize your device.
Last reviewed: 1 June 2026
What this scam is
Remote access scams are a broad category covering any fraud in which the scammer persuades you to install legitimate remote-control or screen-sharing software and grant them access to your device. The tools used are real, legitimate applications — the fraud lies entirely in who is using them and for what purpose.
These tools have genuine uses in IT support: a real technician at your workplace may use them to help you troubleshoot a problem. Scammers have adopted the same tools because granting access to them feels less alarming than handing over a password — it feels like watching someone work, not like giving them your keys.
Once connected, the scammer has full control of everything on your screen. They can read saved passwords and stored files, access your banking applications, make transfers, add payees, capture one-time authentication codes, and install malware that persists after the session ends. Some scammers dim the screen during the most sensitive actions so you cannot see what they are doing.
Remote access is the endpoint of many other scam types — fake tech support calls, browser lock pages, and fake antivirus scams all frequently escalate to a remote-access request. It is also used in bank impersonation scams and fake police or investigator scenarios.
How it works
The scammer establishes a pretext that makes the remote-access request seem reasonable. Common pretexts include: a technical problem they need to fix on your device, a bank fraud they need to investigate, a refund they need to process, or a police operation requiring your assistance. Each pretext is designed to frame the request as something being done for you rather than to you.
They guide you to download a specific remote-access tool and provide a session code. These tools install quickly and are designed to be user-friendly — walking someone through the process takes only a few minutes. Once you enter the code and grant access, the scammer's screen shows everything on yours.
A common technique is to ask you to log into your online banking 'so we can verify your account is safe' or 'to process your refund'. Once you have logged in, they may dim your screen, navigate to your account independently, or guide you through actions you do not fully understand the consequences of.
Some scammers use screen control to plant fake evidence — displaying fabricated transaction lists or error screens — to convince you that the problem is worse than it is and that you must pay more to resolve it.
After the session ends, malware installed during the session can maintain persistent access, allowing the scammer to return to your device without your knowledge.
Why this scam works
The scam succeeds because it inverts the usual framing of danger. You are not being asked for your password — you are being 'helped'. The remote-access tool is real software used by real support teams, which makes it feel legitimate. The person on the call is often friendly, professional, and patient, which builds trust over the course of the interaction.
The pretext is calibrated to your situation. Bank fraud investigations feel urgent and serious. Technical problems feel like they need expert help. Law enforcement scenarios feel dangerous to ignore. Each creates a different emotional state — urgency, confusion, fear — that reduces the likelihood of pausing to evaluate the request critically.
Once connected, the session feels collaborative. You are watching someone 'fix' things, which reinforces the belief that this is genuine. By the time you understand what has happened, the session is over.
A typical pattern
A person receives an unsolicited call from someone claiming to be from their bank's fraud prevention team. The caller says an unauthorised payment attempt has been detected and asks them to install a security application to help investigate. The person installs the software and shares the access code. The caller asks them to log into their online banking 'to verify the account'. The screen dims. After a few minutes, the caller says everything is resolved and ends the session. The person later discovers that two payments were made to new payees added during the session.
Common red flags
- Any request to install remote-access or screen-sharing software from an inbound contact
- Being asked to share an access code with someone you did not contact first
- Request to log into your bank while connected to the session
- Screen dimming or 'don't touch anything' instructions during the session
- Caller claims to be tech support, your bank, or law enforcement
- Pressure to act quickly before something bad happens
- Request to keep the session secret from family members
- Being guided through actions that you do not fully understand
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
To secure your account, install [remote tool] and give me the access code so I can protect your funds.
Our bank fraud team needs to access your device to investigate suspicious activity. Download [remote tool] from [fake link].
We're processing your refund. Please log into your bank while I am connected so I can credit the right account.
This is IT support. Your device is sending error signals. Download [remote tool] and read me the code on screen.
The police are investigating an account in your name. To clear your name, we need to see your device. Install [remote tool].
Your warranty support entitles you to a remote tune-up. Please install [remote tool] and share the session code.
Common variations
- Tech support variant — caller claims to fix a device problem
- Bank impersonation variant — caller poses as the fraud team to 'protect' accounts
- Refund scam variant — caller processes a refund and 'accidentally' overpays, asking the victim to send back the difference
- Law enforcement variant — caller poses as police investigating fraud linked to the victim's account
- Investment recovery variant — caller offers to recover previous scam losses via remote access
- Pop-up initiated variant — a browser lock page provides the number that leads to a remote-access request
How to verify before you act
The core principle is simple: if you did not initiate the contact, do not grant remote access. Legitimate support teams at real companies do not cold-call you and ask you to install software.
If you receive a call from someone claiming to be your bank's fraud team and asking you to install software, hang up. Call your bank directly on the number on the back of your card or on their official website. They will either confirm the call was genuine (very unlikely) or confirm it was fraud.
If you have a legitimate IT support request — for example, a technician at your workplace — verify their identity through a channel you control before granting access. Call the IT department's number directly, not one they give you.
Never log into your bank, email, or other accounts while a remote session is active with someone you do not personally know and trust.
Payment methods used
- Direct bank transfer executed during the session
- Captured login credentials used later
- Gift cards charged for bogus services
Who is usually targeted
- Older adults
- Less tech-confident users
- Anyone under emotional pressure from a convincing pretext
What to do immediately
- End the remote session immediately — close the remote-access application
- Disconnect from the internet (turn off Wi-Fi or unplug the cable)
- Uninstall the remote-access software that was installed
- Contact your bank immediately to check for unauthorised transactions or new payees
- Change all passwords from a separate, clean device
- Enable stronger two-factor authentication on financial and email accounts
- Run a full security scan to check for any malware installed during the session
How to prevent it
- Never install remote-access software for someone who contacted you unsolicited
- Never share a session code with someone who called you
- Never log into your bank or financial accounts while connected to a remote session with an unknown party
- Hang up on any call requesting remote access and verify by calling the organisation back on an official number
- Keep family members — especially older adults — informed about this scam
- If you feel pressured to act quickly, treat that pressure itself as a warning signal
- Know the name and how to uninstall any remote-access tools on your device before you need to act fast
Evidence to preserve
- Name of the remote-access software installed
- Any session codes shared
- Caller ID or number (even if spoofed)
- What the caller claimed to represent
- Any files or messages received during the session
- Bank statements covering the period of the session
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
What should I do if I gave someone remote access?
Disconnect from the internet, end and uninstall the remote tool, change passwords from a clean device, enable strong 2FA, and contact your bank immediately. Act quickly — the sooner you act, the more likely you are to limit the damage.
Are the remote-access tools themselves dangerous?
The tools (such as those used for legitimate IT support) are not themselves dangerous — they are used by real support teams. The fraud is in who is using them. Never grant access to someone who contacted you unsolicited.
The caller knew details about my bank — doesn't that prove they're real?
No. Bank names, account types, and general financial information are frequently available from data breaches or public records. Knowing the name of your bank does not verify someone is from that bank.
Can I recover money transferred during a remote session?
Contact your bank immediately — the sooner you report it, the better the chance of recovery. Banks have fraud response teams who may be able to recall transfers. Report to your national fraud authority as well.
Could they have installed malware during the session?
Yes. Run a full security scan after any unverified remote session. If malware is found, follow the removal advice from the security software and consider seeking professional help to ensure the device is clean.
What if the screen went dark and I couldn't see what they were doing?
Screen dimming during a remote session is a red flag — it often means the person was taking actions they did not want you to see. Check all recent transactions, new payees, and account changes immediately.