That’s a comment I received from a reader relating to the pernicious “tech support scam” where scammers call you, say they’ve detected problems originating from your computer, and offer to fix it for you — perhaps even for free — if you just give them access to your computer.
Disabling remote access in Windows does not disable this kind of remote access.
I’ll review the setting in Windows and compare it to the types of remote access more commonly used by scammers.
And, of course, I’ll review what you need to do to stay safe. There’s a good chance it’s something you’re doing already.
Become a Patron of Ask Leo! and go ad-free!
- Windows Remote Desktop allows remote access to your computer, most easily from a machine on your local network, without anyone needing to be at the machine.
- Windows Remote Assistance allows you to give helpers access to your computer.
- Many other remote access tools exist, but are unaffected by Windows remote settings.
- Skepticism is the most important protection.
Windows Remote Desktop
As outlined in “What’s the Difference Between Remote Desktop and Remote Assistance?”, Windows Home editions don’t support being accessed remotely by Remote Desktop.
In other editions of Windows 10, search for “remote access” or “remote desktop settings”, and click on the latter when it appears1.
Remote desktop allows you to use your computer as if you were sitting in front of it, by connecting to it from another, remote, machine. It works most seamlessly on local area networks, so if you have multiple machines behind a single router, it can be a useful tool.
In general, if it’s not something you know you need, leave it off. Either way — on or off — it’s unrelated to the scams we hear about. Scammers generally don’t use Remote Desktop.
Windows Remote Assistance
In all editions of Windows 10, search for “Remote Assistance” and click on “Allow Remote Assistance invitations to be sent from this computer”.2
Remote Assistance is similar to Remote Desktop in that it allows someone else to access and control your computer. You must initiate the remote assistance session, and you can watch and interact with whatever the other person is doing.
I generally recommend you leave this option off unless you’re about to initiate a remote assistance setting.
Or leave it on. Once again, this is rarely a tool used by scammers.
Remote Access using other tools
There are a myriad of other tools out there available to access computers remotely. I happen to be partial to Google’s Chrome Remote Desktop3, but tools like LogMeIn, GoToMeeting, and other GoTo products are all valid and useful tools to access someone’s computer remotely.
To be extra clear, the tools themselves are not scams or malicious in any way. Like most tools, though, they can be used for good or evil.
The bad news is that none of them are affected by the Remote Desktop or Remote Assistance settings I just described. They can be used regardless of how those settings are set.
The good news is that these tools don’t initiate themselves; like Remote Assistance, you have to take steps to allow someone into your machine.
And this is exactly what scammers try to get you to do.
Once in, assume you’re compromised
If, for some reason, you’ve allowed access to your computer to someone you later find out has malicious intent, or you just don’t trust, you can only assume that your computer has been compromised.
What does that mean? Perhaps most importantly, it means my statement above — “these tools don’t initiate themselves” — could now be false or beside the point. Once someone with malicious intent has accessed your machine, they could install or otherwise enable tools to allow them remote access at any time, without you needing to do a thing.
At that point, you can only treat your machine as fundamentally untrustworthy due to malware.
The solution is simple
As I said, you need to take steps to allow someone onto your machine. Most tech support scams will be very insistent that you need to take action — action that will allow them access.
Don’t do that.
Be skeptical4. Don’t trust people you don’t know, especially people who call you out of the blue.
Use remote access as you see fit — it’s an incredibly handy tool — but only use it with people you know and trust. You’re giving them complete and total access to your computer.
That’s not something to give to just anyone.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
Footnotes & References
1: In older versions of Windows, right-click on “My Computer”, “Computer”, or “This PC”, and click on Properties. In the resulting dialog, click on “Remote settings” or the “Remote” tab to access these settings.
2: In older versions of Windows, follow the instructions in the previous footnote.
3: I’m using it right now, as a matter of fact.
4: Since you’ve been reading Ask Leo! regularly, you probably already are. But for everyone else…
Also be very careful when searching for support, especially for a free service such as Hotmail, Facebook or Gmail. Free services generally don’t offer phone support. If it’s a paid service better to go directly to the company’s website, for example, {company_name}.com. Scammers have a lot of fake websites offering fake phone numbers or links.
The Risk of Searching for a Support Phone Number
what about “remote apps and desk top connections” in the control panel?
when i click on that it says “there are currently no connections available
on this computer”. wouldn`t that at least let me know if someone has
gotten remote access somehow? i`m still on win 7 ult.
Hi GlenLW
In short no. The control panel really only shows the Microsoft apps connection to your computer but as indicated in the article there are many ways to connect which would not be covered in the Control panel setting. e.g. VNC
So how exactly do the scammers get access to your computer? From what I understand, they first have you open the Event Viewer where there are a bunch of “scary” warnings & errors. Then do they have you go to some type of Go To Meeting link where they can remotely access your computer & do the damage?
Exactly … after convincing you they can help, they share a link with you that opens remote access using one of the commonly available tools.
OK, I read the article — twice, three times. But what do you do when you are comprised? How do you get them out? How do you stop them from sabotaging you down the line?
When you are compromised, you must assume the worst. Even though this article talks about scammers claiming to be from Microsoft, it applies to any similar scam: I Got a Call from Microsoft and Allowed Them Access to My Computer. What Do I Do Now? – the section “Recovering from the scam” has next steps.
It happened to me… once your computer is compromised, the only choice is to get another computer or pay a professional to clean out the infected computer.
You Do Not Need To Get A New Computer!
Please read: My Machine’s Full of Malware; Should I Get a New Computer?
Here is what I did when a friend’s machine was compromised (& no they did not have a current back-up of their computer).
1) Removed the hard drive from the laptop and installed in an external hard drive enclosure.
2) Connected the usb drive to another machine that had anti-malware installed (made sure that PC was not connected to a network or the internet). If there is something very nasty & aggressive, you don’t want it escaping into your network or phoning home.
3) Ran scans on the external drive to see if there was any “obvious” malware on the drive.
selectively copied data files off the hard drive to another drive.
4) Wiped the suspect hard drive, reinstalled in the computer and did a clean reinstall of windows. My normal preference would be to start with installing a new drive rather than the old drive – just in case there is a rootkit installed that escaped being wiped.
5) Copied recovered data files back to the PC.
I have been trying to reach pcmatic for some time. I hopes you can help by forwarding this message/My phone number is {removed}. Pcmatic does not run properly on my computer. The last 2 weekly scans on Tuesdays have started and stopped at exactly the same time; the start numbers and end numbers are identical. When I click on the shield icon on my task bar nothing happens. When i right click I get 2 options: remove the icon from the task bar or a second opportunity to click on the icon.
I need to have them respond by telephone because I think the computer will block any direct response.
Never publish your phone number, email address or other personal information on a public forum. It opens you up to spam, marketing calls and scams.
There must be other ways to access remotely….It’s happening to me and I have not let anyone in remotely for sure. I also live alone. When I am under the event viewer, device manager looking at a remote desktop device called the redirector BUS, it has a computer named: WIN-IPO0RLK1C4T as shown below: Copied/Pasted from the event viewer:
Microsoft-Windows-Kernel-PnP/Configuration
Computer WIN-IPO0RLK1C4T
– Security
[ UserID] S-1-5-18
I am not sure what to even do with the information I have, let alone how to keep them out. I’ve done a lot of research on so much since this all started. Pretty sure it is an ex husband soliciting the help of a very smart hacker-nephew of his, but again no proof. I just have mental fun with it. Anyway, no one seems to know anything about this so I thought I’d try to pique your interest. Please advise, thank you.
I seem to be morphing into some computer geek against my will!!!!! HELP~~~ lol. Thanks again.
I’m not sure how you’re interpreting this as remote access?