Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What Can a Technician with Remote Access Do?

Question: I called a number that I thought was the support center and was immediately connected with a technician who skillfully asked my permission to allow him access to my computer so that he could diagnose the problem and I agreed. After he informed me that I had over a thousand errors that needed to be erased and that he could do this for me for only $250.00 I realized that this was some kind of scam and I promptly ended the call. What kind of risk have I exposed myself to?

First, good on you for terminating that call. While it may have obviously been a scam to you and me, I continue to hear that many people fall for it.

But the big question is, you let a stranger with malicious intent use your machine remotely. How worried should you be?

Unfortunately, there’s no clear answer.

Become a Patron of Ask Leo! and go ad-free!

What could that “technician” have done?

There’s no way to know what the technician (perhaps the wrong thing to call him, but we’ll run with it) has done.

If you know what you’re watching, you might see what they’re doing. Their willingness to answer questions about what you see might be a clue.

Unfortunately, the tools and tricks available to them also include things you might not see once they’ve established a foothold of some sort.

Remote Access -- to your walletSo, we end up playing the odds.

He could have done nothing…

This is perhaps the most likely scenario.

The technician was probably only after your money in the form of purchasing his “services” to clean your machine. It’s possible this was the extent of the scam. By not falling for it and disconnecting as you did, nothing malicious was left behind.

From the scammer’s point of view, that’s the easiest, safest way to go. Beyond commonly-available remote access software, no additional hacking tools are required. It’s simply social engineering to get you to hand over your credit card information.

As long as enough people fall for the scam, it’s a success. Nothing else is needed.

He could have done something you’d see…

Most remote access utilities allow you to see what the remote user is doing to your machine.

That’s true with the tools the scammers commonly use — in part so they can show you all the “errors”1 on your machine, usually by exploiting the mess that is the event viewer’s log. But that means you would see whatever else they were doing as they did it.

If the technician downloaded or transferred software onto your machine, you’d see it being done.

If they ran a program, you’d see it.

If they ran a setup, you’d see it.

Now, of course, you’d have to understand what you were seeing as it happened, and of course, they rely on most people not being able to do that. If you question them, they’ll make up a reason and say it’s nothing to worry about.

If they downloaded and installed anything, you need to assume they installed malware.

He could have done something you wouldn’t see…

Here’s where things gets difficult.

It is certainly plausible that the remote connection set up by the scammer included connections you would not see.

Perhaps a sleight-of-hand move while they’re confusing you with the Event Viewer allowed them to run a program and set up a malicious back-door connection. Perhaps the type of remote connection they set up allowed them to bypass your firewall. Perhaps this back door will keep running after you’ve hung up, allowing them access any time in the future.

Perhaps, perhaps, perhaps…

Perhaps the entire time they had you on the line, they were surreptitiously loading your machine up with all sorts of malware.

From what I’ve heard, it’s not common, but it could happen.

Assume you’re infected

The safest thing for you to do, of course, is to assume your machine has been infected.

Just how drastic the steps you need to take next depend on what you experienced, what we find, and your own level of security and/or paranoia.

Here’s what I would do:

  • Immediately run a full anti-malware scan.
  • Run a full scan using the free version of Malwarebytes Anti-malware.
  • Keep a close eye out for anything that looks the least bit like suspicious, incorrect, or most importantly, new behavior by the computer.

If that all comes up clean, then it’s probably enough.

If there’s even the slightest problem with the scans or the computer’s behavior, or if you’re simply not certain that “probably” is good enough, you really have only one solution.

Back up. Reinstall Windows from scratch. Reinstall your applications from scratch. Restore your data from the backup or elsewhere.

And learn from the experience.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio

Play

Footnotes & References

1: Which typically aren’t errors at all, or if they are, are completely benign.

9 comments on “What Can a Technician with Remote Access Do?”

  1. The scammer may also have just pretended to have gained remote access to the victim’s computer for the sole intent of getting 250 bucks from the victim to correct all the “errors” he or she “found.” There could very well be no malicious changes to the victim’s device. Stay watchful and carry on. Eternal vigilance is the price we pay for freedom from malware.

    Reply
  2. Reading the article I got the impression that a technical service repairing a computer by a remote connexion should be distrusted automatically.
    I had three cases wherin I didn’t see how to solve the problem…So I found on Google a trusted site
    (checked by Avast) offering for the fixed price of 75 dollars to scan my computer and if possible repair
    the computer. So my computer was scanned and they send me a full report on what was wrong.
    I paid the 75 dollars…and they repaired my computer. Afterwords I have done the checks you mention in your article. Everything was allright and no subsequent bizar situations.
    I have also a specialist in the computer branche who I met first on skype. Afterwords we used
    Team Viewer and everything went for the best.
    All depends if you can trust the other on the other side of the line. I agree, this is not automatically
    evident….but the system can be very usefull.

    Reply
    • It’s definitely useful technology, but the problem is that it’s being abused by less-than-trustworthy individuals. It really is all about trust and making absolutely certain that you can trust someone before allowing them to access your machine. Honestly, that applies not only to remote access, but any kind of access.

      Reply
  3. About 9 months ago, I fell for the same type of scam. In my case, I did a search for help with a printer driver, and actually went to a web site that offered Brother technical support–or so it said–and then, just like the person in the original question, I gave access to my PC desktop, the nice young man on the phone found multiple problems, asked for money–a bell finally rang in my brain, I got out of there, realized the website where I had gone was not Brother’s official site, panicked, ran to my husband and son, and in the end, backed up files (which I do multiple times daily anyhow)–and bought a new computer. The good news is my old computer was eight years old and badly needed replacing. The other good news is that probably everything was fine. The bad news is that I was totally humiliated. Dumb dumb dumb….

    Reply
  4. I have had several of these scam calls from “technicians” claiming to be calling from either Dell or Microsoft. Being a retired (former) computer professional with time on my hands I always give them remote access. However, the remote access is only to a virtual machine that I keep around. It’s amusing to play the dumb computer user while watching them waste their time trying to hack a non-existent computer. For those scammers smart enough to detect that they are remoting into a virtual machine I usually reserve a few choice words or phrases.

    Good times.

    Reply
  5. I constantly get scammy phone calls from “techs”, normally with strong Indian accents claiming to be from a well known companies.. I usually ask them which country they are ringing from and they always seem to lie. I ask them a few local questions which they can rarely answer correctly (often I don’t know the answer either but their attempted answers are amusing). Almost all call centers hang up on me and spoil my entertainment. Notwithstanding many millions of dollars are handed over yearly by the unwary..sad

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.