Recovering From a Remote Access Tech Support Scam

Immediate Steps After a Remote Access Scam

The very first thing you need to do, if you haven't already, is disconnect your computer from the internet. Unplug your Ethernet cable or switch off your Wi-Fi immediately. This prevents the scammer from having any further control or access to your device and limits their ability to steal more data or install malicious software.

While disconnecting from the internet is critical, don't power down your computer just yet. Some forensic data that might be useful for reporting could be lost if you turn it off too soon. However, do not log back into any accounts until you've taken further steps to secure your system.

What Information Might They Have Accessed?

If a scammer had remote access, they could have seen or copied almost anything on your computer that was accessible during their session. This includes documents, photos, browser history, saved passwords, and even financial details if you logged into banking sites while they were watching.

They might also have installed malware, keyloggers, or other malicious software designed to continue collecting your information after they've disconnected. It's a sobering thought, but understanding their potential access helps frame your recovery actions.

Securing Your Digital Identity

After disconnecting, and before reconnecting your computer, you need to change all your important passwords. This includes your email, banking, social media, shopping accounts, and any other services where you have saved payment details. Use strong, unique passwords for every account.

If the scammer tricked you into providing banking details or made unauthorised transactions, contact your bank or financial institution immediately. They can block cards, reverse transactions, and advise you on further steps to protect your finances. Also, notify any online payment services like PayPal if compromised.

Essential Password Changes:

• Email accounts (primary and secondary)
• Online banking and financial apps
• Social media platforms
• Online shopping accounts (e.g., Amazon, eBay)
• Any cloud storage services (e.g., Google Drive, Dropbox)

Cleaning and Rebuilding Your Computer

While it might sound drastic, the safest and most thorough way to ensure your computer is free of any lingering malware or backdoors after a remote access scam is to perform a clean installation of your operating system. This erases everything from your hard drive and reinstalls Windows or macOS from scratch. Make sure you back up any essential personal files to an external hard drive (scan them for viruses before copying them back to your clean system).

If a full reinstall isn't immediately possible, run a full, deep scan with a reputable antivirus and anti-malware program. However, be aware that sophisticated malware might evade detection by certain security software. A clean reinstall is generally the most secure option for peace of mind. KNOMI can guide you through this complex process and help ensure your systems are truly clean and secure.

Reporting the Incident

Reporting the scam helps authorities track these criminal operations and protects others from falling victim. In Australia, you should report all scams to ReportCyber at cyber.gov.au. If you suffered a financial loss, also report it to Scamwatch at scamwatch.gov.au. Provide as much detail as possible, including any phone numbers, email addresses, or specific websites the scammers used.

Additionally, if your identity might have been compromised, contact IDCARE (idcare.org) for free, compassionate support and guidance on identity theft recovery. They are Australia's national identity and cyber support service. Remember, when something goes wrong online and you need expert guidance through the steps of recovery, KNOMI is who you call.

Frequently asked questions