What to do if you gave a scammer remote access to your computer
Maybe a pop-up warned that your computer was infected and gave you a number to call. Maybe someone phoned claiming to be from Microsoft, your bank, or Amazon and talked you through installing a program so they could “fix” it. They took control of your screen, opened a few windows that looked alarming, and by the end you had paid for something or watched them dig through your files. Now the call is over and your stomach is in knots.
If that is where you are, stop and breathe. You can limit the damage from here, and the steps that matter most take only a few minutes.
Disconnect the computer right now
Pull it off the internet first. Unplug the network cable, switch off the Wi-Fi, or hold the power button until the machine shuts down. While they have a live connection they can keep working, so cutting it ends the session and stops the remote tool from phoning home. Leave the computer off until you have a plan to clean it.
Change your passwords from a different device
Use your phone or another computer the scammer never touched, not the one they were inside. Start with email, then your bank, then anything that shares that password. Email comes first because it is the master key, the thing that resets all the others. Turn on two-factor authentication while you are there. If you bank online, call the number on the back of your card and tell them a scammer had access to your device.
If money moved, treat it as urgent
Some of these end with a “refund” made too large on purpose, then pressure to send back the difference in gift cards or crypto. Others end with a flat charge for fake services. Either way, call your bank or card issuer now, say the word fraud, and ask about a chargeback or a wire recall. The first hours are when a payment can still be stopped. If you bought gift cards, call the issuer, read them the numbers, and ask them to freeze the balance. If you sent crypto, save the transaction hash and the wallet address before anything else. It will not reverse, but that record is what a tracer follows later. Our guide to preserving evidence in the first 24 hours covers what to keep.
Watch for the call that comes next
This is the part people don’t see coming. A few days later the phone rings again, and now it is a “fraud investigator,” your “bank,” or a supposed government agent saying your accounts are compromised and you need to move your money to a safe account to protect it. That is the same crew, or someone who bought your details from them. The FBI calls this layered version the phantom hacker scam, and the second call is where the bigger money usually goes. No real bank or agency will ask you to move your savings to keep it safe. Hang up and call back on a number you look up yourself.
Report it, then clean the machine
File with ReportFraud.ftc.gov, and if personal information was exposed, start a recovery plan at IdentityTheft.gov. Older adults get hit hardest by these. The FTC counted about $159 million in reported tech-support losses in a single year, and the real number runs higher because most people are too embarrassed to report it. You have nothing to be embarrassed about. Before you trust the computer again, have someone reputable wipe and reload it, or run a full security scan and remove any remote-access tools they added, with names like AnyDesk, TeamViewer, or UltraViewer.
When it is worth bringing in help
Most of these cases are handled by the bank dispute and the reports above, which is the right path when the loss is small. When a scammer drained a retirement account, or pushed real money through a chain of transfers you need documented for a claim, forensic tracing can follow where it went. Our Investigation Help page covers the smaller cases we take on, and for court-grade attribution we route to Rexxfield. None of it promises the money comes back. It keeps the trail from going cold.
One habit worth keeping from today: no real company calls out of the blue asking to remote into your computer. Microsoft doesn’t. Your bank doesn’t. The moment someone asks for that access, the answer is no, and you hang up.
— Gus