What to Do If You Gave a Scammer Remote Access to Your Computer

You just realized you gave a scammer remote access to your computer. Maybe it was a "Microsoft support" call. Maybe a popup told you your computer was infected. Maybe someone claiming to be from your bank needed to "check something." It does not matter how it happened — what matters is what you do in the next 30 minutes.

This is a time-sensitive situation. Every minute the scammer has access or has installed tools on your machine is a minute they can steal passwords, install persistent backdoors, or initiate financial transfers. Here is the exact sequence of steps to follow.

Step 1: Disconnect From the Internet Immediately

Do not close the remote access program. Do not try to shut down gracefully. Do not waste time looking at what they did.

On a laptop: Turn off Wi-Fi using the physical switch or keyboard shortcut. Unplug any Ethernet cable.

On a desktop: Pull the Ethernet cable out of the back of the computer. If on Wi-Fi, turn off your router or unplug it.

Why this is urgent: Remote access tools like AnyDesk, TeamViewer, and UltraVNC require an active internet connection. The moment you disconnect, the scammer loses control. But they may have also installed a secondary backdoor that reconnects automatically — which is why you will need to do more than just disconnect.

Step 2: Do Not Turn Off Your Computer Yet

This seems counterintuitive, but do not shut down immediately after disconnecting from the internet. If the scammer installed malware, shutting down may trigger persistence mechanisms that make the malware harder to remove. Some malware writes itself to startup routines during the shutdown process.

With the internet disconnected, the scammer cannot access your machine. You are now safe to work through the remaining steps methodically.

Step 3: Document What Happened

While it is fresh in your memory, write down:

The phone number or website that initiated the contact
The name of the remote access software they asked you to install (AnyDesk, TeamViewer, UltraVNC, SupRemo, ConnectWise, LogMeIn)
How long they had access
What they asked you to do (open banking sites, enter passwords, download files)
Any names or "employee IDs" they gave
What you saw on your screen while they had control

This documentation is critical for fraud reports, bank disputes, and law enforcement.

Step 4: Remove the Remote Access Software

Reconnect to the internet briefly only if needed to download removal tools onto a separate device. On the compromised computer, while still offline:

Windows:

Open Control Panel → Programs → Uninstall a Program
Look for AnyDesk, TeamViewer, UltraVNC, SupRemo, ConnectWise ScreenConnect, LogMeIn, or any program you do not recognize that was recently installed
Uninstall each one
Check your Downloads folder for any files the scammer downloaded

Mac:

Open Finder → Applications
Look for the same programs
Drag them to Trash and empty Trash
Check Downloads folder

Important: Scammers sometimes rename remote access tools to look like system utilities. Sort your installed programs by date and examine anything installed on the day of the scam.

Step 5: Run a Full Malware Scan

The scammer may have installed keyloggers, info-stealers, or remote access trojans (RATs) that persist beyond the original remote access session.

Using a separate clean device, download Malwarebytes (free version works for this scan) onto a USB drive. Transfer it to the compromised computer and run a full system scan while offline.

Scan your system for hidden threats

Malwarebytes detects and removes keyloggers, remote access trojans, and spyware that standard antivirus programs miss. Download the free version to run a one-time scan, or upgrade to Premium for real-time protection.

Learn More

If the scan finds threats, quarantine and remove them. Then run the scan again to confirm they are gone.

Step 6: Change Every Password — From a Different Device

This is critical: do not change passwords from the compromised computer. Use your phone or a different computer that the scammer never had access to.

Priority order:

Email password — your email is the master key to every other account (password resets go here)
Banking and financial accounts — check for unauthorized transactions while you are logged in
Password manager (if you use one) — change the master password
Social media accounts — scammers sometimes use compromised social accounts to target your contacts
Any account you logged into while the scammer had access

For each account, also check:

Active sessions (log out of all sessions)
Recovery email/phone (make sure the scammer did not add theirs)
Two-factor authentication settings (make sure they were not changed)

Step 7: Contact Your Bank

Call your bank and credit card companies using the phone number on the back of your card. Tell them:

Your computer was compromised via remote access
You need to check for unauthorized transactions
You want a temporary freeze on outgoing transfers
Ask whether any new payees or Zelle recipients were added

If the scammer accessed your banking site during the session, the bank may issue new account numbers. This is an inconvenience, but it is the only way to ensure the scammer cannot initiate transfers later.

Monitor your identity for unauthorized activity

Aura watches your bank accounts, credit file, and the dark web 24/7. If a scammer opens a credit card in your name or tries to access your financial accounts, Aura alerts you immediately — with a U.S.-based support team ready to help you respond.

Learn More

Step 8: Freeze Your Credit

If the scammer saw any personal information on your screen — Social Security number, date of birth, address — freeze your credit immediately at all three bureaus:

Equifax: equifax.com/personal/credit-report-services/credit-freeze
Experian: experian.com/freeze
TransUnion: transunion.com/credit-freeze

Freezing is free and takes about 10 minutes per bureau. It prevents anyone from opening new accounts in your name.

Step 9: File Reports

FTC: reportfraud.ftc.gov
FBI's IC3: ic3.gov (especially if financial losses occurred)
Local police: File a report for insurance and banking dispute purposes
Your state attorney general: Most have online fraud reporting portals

Step 10: Assess Whether You Need a Clean Install

If the malware scan found serious threats, or if the scammer had access for more than 15-20 minutes, consider wiping the computer entirely and reinstalling the operating system. A full reinstall is the only way to guarantee that no hidden malware persists.

Before wiping, back up important files (documents, photos) to an external drive — but do not back up any executable files or programs, as they may be compromised.

Preventing This in the Future

No legitimate company will ever call you about a computer problem. Microsoft, Apple, Google, and your ISP do not make outbound calls about infections.
Popups saying "Your computer is infected, call this number" are always scams. Close the browser. Force quit if needed.
Never install remote access software at someone else's request unless you initiated the support request with a known, verified company.
Keep your operating system and browser updated. Many scam popups exploit vulnerabilities in outdated browsers.

Key Takeaways

Disconnect from the internet immediately — this cuts the scammer's access
Remove the remote access software and run a full malware scan
Change all passwords from a different, clean device
Contact your bank and freeze your credit if personal information was exposed
File reports with the FTC and IC3
Consider a full OS reinstall if the scammer had extended access

Get the ClearShield recovery toolkit

Free guides for bouncing back from scams and breaches.

Related Articles:

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.