
I Got a Call from Microsoft and Allowed Them Access to My Computer. What Do I Do Now?

It’s a trap!

A very common scam has people supposedly from Microsoft, your ISP, or other authorities calling to help you with computer problems. Don't fall for it.
Question:

A family member got scammed by a telephone call from someone saying that they were from Microsoft and calling because of PC error reports. Unfortunately, remote access was given. What should be done to prevent further compromise of the PC data? Help!

Note: MS scanner and a Norton scan were done and showed no problems. Remote access software files were removed manually from PC. Could the scammer again access the PC data? Data is backed up to the external drive (not plugged in at the time of the scam). Can the same files/data be safely loaded onto a new HD/computer?

As you point out, it’s a scam. Microsoft doesn’t call people because of errors on their computers. Neither do ISPs, security companies, or pretty much anyone else who might have some role of internet authority.

To quote Admiral Ackbar, “It’s a trap!”

In recent years (yes, years) I’ve received many reports of this scam and its variants. Fortunately, many people are rightfully suspicious and cut it off before it goes too far. Unfortunately, your family member having fallen for the scam puts you in a difficult and dangerous position.

Let’s not hook up that external hard drive just yet.


TL;DR:

The remote access trap

Legitimate companies don’t request remote access via cold calls. Period. If you’ve fallen for it, take these steps.

  • Alert your credit card issuer about potential fraud.
  • Restore your machine from a recent image backup.
  • Alternatively, back up data, reformat your hard disk, and reinstall your operating system to ensure the removal of any hidden malware.

The Scam

Here’s how it works: someone calls you claiming to be from Microsoft, your ISP, your security software provider, or some other important-sounding company. They’re lying. They’re not any of those. The companies these scammers claim to be from are not involved in any way. They do not call people out of the blue and offer to help.

The scammers claim they’ve detected your computer is causing many “errors on the internet” or that there are “problems with your account”. To prove there’s something wrong, they ask if your computer has been crashing recently. Or they have you open up the Event Viewer and point out the many errors listed therein.

And, of course, they can fix it for you.

The scammer then asks you to allow them to access your computer. DO NOT LET THEM.

Typically they have you connect to a remote access site such as logmein.com or other similar services so you can give them access to your computer. Important: Sites like logmein.com and others are not involved in the scam. They’re just the tools the scammer uses to access your machine.

This leads to the scam’s hook. While accessing your machine, several things may happen.

  • The scammer may install malware.
  • The scammer may “discover” that to fix your (non-existent) problem, you’ll need to purchase something.
  • You may be quoted a high price for this “service”.
  • If you provide payment information, it may be used not only for that fee but for more purchases you haven’t authorized.

In the end, you’re either left with a malware-laden machine (that hasn’t been “fixed”), bogus charges on your credit card, or both.

It’s a classic scam.

What about those EventViewer messages?

EventViewer is a mess. More accurately, the information logged by applications and Windows itself, which EventViewer displays, is a mess.

It’s highly technical, often incomprehensible, and really only useful to experienced technicians and software developers.

And here’s the kicker: errors and warnings are normal and expected in EventViewer. It’s very common to have lots of red stop signs and yellow warning signs in the list of events displayed.

Put another way, seeing errors and warnings in EventViewer does not mean that there is anything wrong with your system.

Don’t believe anyone who calls you up and tells you differently. They’re wrong. Using EventViewer to misguide you like this is a classic sign of a scam.

Avoiding the scam

Classic scam-avoidance 101: Never completely trust someone you don’t know who calls you. (Scam avoidance 102: Don’t answer phone calls from numbers you don’t recognize.)

Listen to them if you like. Ask questions if you feel so motivated, but never ever give them access to your PC and never ever give them your payment information.

Instead, let them know you’ll have your local tech support look into it (even if you don’t have one).

Once it becomes clear that you aren’t going to fall for the trap, it’s likely they will hang up. The caller may even become abusive. At that point, you hang up on them.

If you’re concerned there is a real problem with your computer, do the research yourself, or contact the technical resources you trust and ask them about it. Chances are there’s nothing going on at all.

Recovering from the scam

If you handed over payment information, you’ve just given that information to a complete stranger. Immediately contact your credit card issuer or other payment provider and put them on fraud alert.

If you allowed the scammer access to your machine, things can get ugly.

You have no idea what they did. If you saw them install software in the guise of tools to help repair your system, it’s possible there’s a bundle of malware now residing on your machine, which they could use to continue accessing your machine, even after you hang up.

Even if you didn’t see them download something, they still could have placed malware on your machine.

There’s no way to prove they didn’t load your machine up with malicious software.

There are two approaches you can take at this point.

  • Assume the worst.
    • Revert to a system image backup taken before the access was granted, or
    • Back up your data, reformat your computer, and reinstall Windows.

    This is the only way to know whatever the scammer might have left on your machine is truly gone.

  • Hope for the best.
    • Run up-to-date anti-virus and anti-spyware tools after making sure that each is running with an up-to-date database. I’d be tempted to scan with an additional tool or two.

Once you’ve done one of these, it’s safe to once again hook up your external disk.
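
For the “hope for the best” route, an inventory of remote access software still present on the machine is a useful triage step alongside the scans. The PowerShell below is an added example, not part of the original article; the name patterns are assumptions taken from the tools mentioned on this page (LogMeIn, GoToAssist) and should be extended with whatever the caller had you install.

```powershell
# Added example: look for remote access software still present on a Windows PC.
# Assumption: the name patterns come from the tools named on this page;
# add the name of anything else the caller had you install.
$patterns = 'LogMeIn', 'GoToAssist', 'Go To Assist'
$regex = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Installed programs (64-bit, 32-bit and per-user uninstall entries).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { "$($_.DisplayName) $($_.Publisher)" -match $regex } |
    Select-Object DisplayName, Publisher, InstallDate, UninstallString

# 2. Services: a remote access agent installed as a service starts again
#    after every reboot, which is how access can outlive the phone call.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $regex } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# 3. Programs launched at sign-in (Run keys and Startup folders).
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { "$($_.Name) $($_.Command)" -match $regex } |
    Select-Object Name, Command, Location, User

# 4. Scheduled tasks whose name or program matches.
$tasks = Get-ScheduledTask |
    Where-Object { "$($_.TaskName) $($_.Actions.Execute -join ' ')" -match $regex } |
    Select-Object TaskName, TaskPath, State

# 5. Processes running right now (run elevated to see paths for all of them).
$running = Get-Process |
    Where-Object { "$($_.ProcessName) $($_.Path)" -match $regex } |
    Select-Object Id, ProcessName, Path

# Print one section per check so nothing is silently skipped.
$report = [ordered]@{
    'Installed programs' = $programs
    'Services'           = $services
    'Startup entries'    = $startup
    'Scheduled tasks'    = $tasks
    'Running processes'  = $running
}
foreach ($section in $report.GetEnumerator()) {
    "`n== $($section.Key) =="
    if ($section.Value) { $section.Value | Format-List | Out-String }
    else { '(none found)' }
}
```

An empty result only means nothing matching those names was found; it does not show the machine is clean, which is why restoring from an image or reinstalling remains the certain option.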

It’s a scam

As I update this article in 2024, this scam has been happening regularly for well over a decade with no signs of letting up.

The best defense is to not fall for it in the first place. If you do, the next best thing is to make sure you have regular system backups you can revert to.

And if you walk away remembering just one thing, remember this:

They won’t call you.

If “they” do, be very, very suspicious.


23 comments on “I Got a Call from Microsoft and Allowed Them Access to My Computer. What Do I Do Now?”

  1. Tech support scammers use many different tactics to trick people. Spotting these tactics will help you avoid falling for the scam. Tech support scammers may call and pretend to be a computer technician from a well-known company. They say they’ve found a problem with your computer. They often ask you to give them remote access to your computer and then pretend to run a diagnostic test. Then they try to make you pay to fix a problem that doesn’t exist. Listen to an FTC undercover call with a tech support scammer.

    Reply
  2. My friend knows very little about computers. He fell for the Microsoft scam where he had to call their “support line.” They took control of his computer. He realized just in time that there was a problem and managed to hang up and shut down. But, when I had him check things, we found Go To Assist Customer from Logmein on his computer. When we tried to UNINSTALL it said there were other users on. We continued anyway but it asked for a password. How do we eliminate the program?

    Reply
    • Two things to try: 1) an uninstall program like Revo, 2) reboot into safe mode and see if the uninstall will work there.

      When is it asking for a password? What password is it asking for?

      Reply
  3. I gave these people everything they asked for: control of my computer, banking info, personal info. I’m concerned they could have left malware on my computer. Called my bank and cancelled my credit card, changed pins, placed Freezes on my Credit, set up a Fraud Alert.
    I’m not computer savvy, elderly, that’s why I fell for their jargon, I’m out $210.00, they almost tricked me into sending them a $1,000 gift card (2 $500) for an error I supposedly made when receiving my refund as they were going out of business. That alone should have woken me up. Microsoft is a legitimate business, I was the stupid one, not the scammers, I blame myself.
    Will be searching for help in getting my computer cleaned up, protect my data as I’m a short story writer and I’m afraid they even infected my removable disk.

    Reply
  4. I have all my drives on hot swap drive not so much for hot swapping, but for ease of changing drives depending on what I am doing. You still have to power down to change the boot drive obviously but…I made a special drive for just the occasion when this scam occurred and it did. One day I got a call from someone claiming to be from Microsoft and saying they had a problem with my computer, I didn’t tell him the drive is a fresh install, I just ran the guy around a bit long enough to shut down the computer and put only the special drive back in boot slot and powered up. I was telling him I don’t know a thing about them other than doing a little word processing and he asked me to let him in which I did and watched him destroy the drive with encryption. When he said “you have a virus and we can fix it for you for $250.” Well I got a screwed up mess now, I watched you put it there but here is the catch. In your hurry to destroy my stuff if you took stuff off that drive you probably took the financial directory which upon arrival in your computer started looking at your network and infecting every drive you have. Problem is for you, within a couple hours one or two of your computers will crash and when you fix it another computer will re-infect it and then tell two other computers at random to crash also. The fix is to power down all your computers, do a low level format of your hard drives and the infected disk will be every hard drive it can get to so all your hard drives need to low level format. After you do that you have to do a regular hard drive format, then reload windows in which case you will have lost all the data on your computers in your effort to collect data and rob people via your scam, and oh by the way the disk you destroy was a special disk waiting for someone like you and no other disk was in that computer.
Boy was he ticked, I told him you can sue me but you won’t because I will take the drive you destroyed and present to the court for you to explain, have a nice day. I would not really do something like that but I sure would have liked to be a fly on the wall in that guy’s office for the next few hours.

    Reply
  5. Twice in the recent weeks/months I have clicked on a link online (that seemed legitimate, it came from a legitimate site) only to have a message pop up and ALSO FROZE MY COMPUTER SCREEN. The message gave a number to call to have MS resolve the problem. It also said DO NOT shut down your computer. I knew it was a scam so I did the opposite and did a hard shut down of my computer since I couldn’t shut it down the normal way. First, out of curiosity, I called the number to hear what they had to say. I also told them I knew they weren’t MS and they should be ashamed of themselves in my best school teacher voice, lol. I am not a computer expert, but everything seems to be OK now. But if there is a possibility they did do something somehow I’d like to hear it, and what to do to check it.

    Reply
  6. My friend got one of these calls and let them take over his computer. Then suspecting a possible scam, he pulled the plug. Then he went online to get the real MS phone number and called them. They took over his computer and started going into private folders. Again he was suspicious, realized that the web page phone number was another scam and pulled the plug. He then found the phone number of the Microsoft Canada Head Office. This time it was the real MS. They told him that they would NEVER, EVER call someone to tell them they have a virus. And as a free courtesy, they offered to take over his computer and go over the entire drive line by line and said that it would take about 24 hours.
    The real kicker was: “Tom the most embarrassing part of this story was that I used to be the president of a software company”. He had been president of several types of companies but was not a technical type but rather a businessman.

    Reply
  7. The only time I ever got a phone call was when I called them. I found the number inside Windows so I knew it was legit. My problem was when I switched to a larger drive, Windows wouldn’t activate when I restored it from my backup. When I phoned, I made an appointment for them to phone me. Even though I knew it was legit, I was still very nervous when I gave them control over my computer.

    Reply
  8. And what if the scammers called you and then you tell them, I don’t have a computer guys!

    How do they know you got a virus on your pc? They don’t know your computer unless you give them access!

    Nice Try!

    Reply
  9. When we fell for a similar scam to access a home computer we alerted our credit card companies and our banks. We also put a one-year freeze and fraud alert on our credit reports at Equifax, Experian, and TransUnion. Lately, scammers have been turning their attention to cell phones. You receive a text message (or call) about a possible fraudulent charge to your account (e.g., Comcast, CVS, Costco, Amazon, PayPal, …) and are asked to either call them or provide additional information to “mitigate” the situation (e.g., a new credit card number).

    Reply
  10. After reading NotAMicrosoftShill’s comment I thought I would add another caution as a public service to all who read this post. Yesterday I got a text message from e-zpass-newjersey.com saying that I have to contact them concerning a recent “$4.15 additional fee that has been flagged for (my) recent journey through the New Jersey toll point.” Complete scam; that is NOT the real ezpass URL. Please take all the suggestions posted and don’t become a scam victim.

    Reply
  11. When I receive such a call, if I’m busy, I ask “What computer!?”, and hang up.

    If I’m not too busy, or a bit bored, I play along for a while, imitating a very timid, cautious, technically ignorant user. If the caller asks to connect to my computer, I ask, in a very shaky voice, “O-O.K. How do I do that?”. I pretend to follow their instructions, but respond to each step of their directions with something like “I don’t think I can do that.”, or “I don’t see that.”, or even one of “Could you repeat that?”, “Could you explain that?”, “What’s that look like again?”. Sooner or later, they get exasperated, and end the call. When they don’t, and I want to finish things up, I ask, “What kind of computer did you say I have?” Regardless what their response is, I say something like, “I don’t have one of those”, or “I don’t use that.” I never say what I have or use. Remember, the whole point is to take up as much of their time as possible, without revealing ANY useful information about me, or what kind of computer I have, if any.

    I worked as an Internet technical support agent for a few years, and I learned how to present myself as a very timid, technically ignorant user, from many of the users I helped while doing that job. I don’t recommend following my example (above). Doing so is at your own risk. I posted this as much for your entertainment, and to remind you that the hackers are only human too, so while you don’t need to fear them, you must ALWAYS remember to NEVER give them ANY information about you, or your computer, because, for them, information is power.

    Ernie (Oldster)

    Reply
    • The more time of theirs that you waste saves a few more people from being scammed. I always end those kind of calls with a string of profanities. Some may say they are only poor people trying to make a living, but those poor people are criminals just as much as a poor person who shoplifts or picks pockets.

      Reply
  12. Thanks for the info. It is very easy to fall for those scams because of the play on our fear. I have a related question. What about those Microsoft Security Alert emails? On occasion, I received one or two daily for a few days but always deleted them without responding because I regarded them as junk.

    Reply
  13. I have seen this virus many times, and helped clients with it many times. Unfortunately, sometimes my clients have called me AFTER they have called the number on the screen and let the scammers into their computers… However, in my experience, the solution has ALWAYS been, to simply press the power button on your computer for AT LEAST 6 seconds. Assuming you are a fast counter, hold your power button down longer. This will do a “reset” on your computer, and will get rid of every instance of this “virus/scam” that I have ever seen. Next, simply press the power button again, and your system is working again. If you don’t hold the power button down long enough on the first instance to do the “reset”, then do it again. I have never seen this “fix” fail on this virus/scam.

    Reply
    • That won’t work! Holding down the power button doesn’t do a reset. It simply shuts down the computer, bypassing the normal shutdown procedure. To recover from that is the same as removing any malware. Run a few malware scans. If you have a system image backup, the best thing you can do is restore from the last backup before the malware was installed.
      How Do I Remove Malware from Windows?

      Reply
  14. I’ve seen a lot of scams over the years. Some of them so stupid it made me wonder how anyone could fall for them. Even my dad and step mom only had a computer the last 4 years my dad was alive. They were totally computer illiterate. They never fell for them. There was one time they called me while on the phone with some scammers. I was so proud of them. I never heard my dad cuss like that and the comments were priceless and then he hung up on them. I couldn’t have done any better. However, some are so technical that even people in the know can fall for them.

    Over the last 30 or so years of using computers and being online I’ve watched the steady progression of spam and scams. I learned very early on what to look for and the biggest lesson I learned was Never Click On Links And Never Answer Email I Wasn’t Expecting or that wasn’t from a personal friend. Those lessons have served me well over the years. I also learned from Leo’s constant “harping” (LOL) about backing the system up. I disable my network adapter and hook up my external drive and do my backup once a week. I don’t need the, I think they’re called progressive backups. The only thing that changes on my system is my email. I backup my email client to a second drive every week as well.

    The best advice I can offer is never never never call a number that pops up on your screen, never respond to any message that pops up, and if you receive a call from a number you don’t know let it go to voice mail. I’ve received a number of calls from a spoofed number (and I know for fact they’re spoofed) that always goes to voice mail that tells me there are some suspicious charges against my Visa card. I have a good laugh because I don’t have a Visa card.

    I appreciate your emails Leo and I’ve been saving them since 2020. I use them for reference. They’ve come in very handy.

    Reply
  15. Re-Booting or Re-starting are great options for terminating the problem. That’s why the attempted ransomware source (which is what this resembles, at least in part) demanded that you don’t do it!
    My wife, not being hip to signs of scammers at the time, once fell for a “PAY $200 TO FIX THE PROBLEM” demand. The same outfit called a year later ‘to renew your subscription.’ I refused, told them that they were bunco artists, hung up and then called Dell and gave them the scammer’s phone #. They tracked it to a group of disgruntled former employees.
    The first computer viruses were developed by former IBM employees, I was told. I don’t recall whether they were testing system vulnerabilities as a research project, or post-termination revenge.

    Reply
