Anything.
First, good on you for terminating that call. I hear about many people falling for scams like this.
You let a stranger with possibly malicious intent use your machine remotely. How worried should you be?
Unfortunately, there’s no clear answer.
Malicious remote access
You let a stranger take control of your computer; now what? The fact is, you don’t really know what they did. They may have done nothing, or they may have left malware behind. Scan your machine now, watch for odd behavior, and be ready for the worst.
What could that “technician” have done?
There’s no way to know what the technician1 has done.
If you knew what you were watching as they worked, you might have seen what they were doing. Their willingness to answer questions about what you were seeing might be a clue.
Unfortunately, the tools and tricks available to them also include things you might not see once they’ve established a foothold. They could have done nothing, they could have done something you would’ve seen, or they could’ve done something you wouldn’t have noticed.
So, we end up playing the odds.
Help keep it going by becoming a Patron.
They could have done nothing
With what you describe, this is the most likely scenario.
The technician was probably only after your money in the form of purchasing his “services” to clean your machine. It’s possible this was the extent of the scam. By not falling for it and disconnecting as you did, perhaps nothing malicious was left behind.
From the scammer’s point of view, that’s the easiest, safest way to go. Beyond commonly available remote access software, no additional hacking tools are required. It’s simply social engineering to get you to hand over your credit card information.
As long as enough people fall for the scam, it’s a success. Nothing else is needed.
They could have done something you’d see
Most remote access utilities allow you to see what the remote user is doing to your machine.
That’s true with the tools the scammers commonly use — in part so they can show you all the “errors”2 on your machine, usually by exploiting the mess that is the Event Viewer log. But that means you would see whatever else they were doing as they did it.
If the technician downloaded or transferred software onto your machine, you’d see it being done.
If they ran a program, you’d see it.
If they ran a setup, you’d see it.
You’d have to understand what you were seeing as it happened, and, of course, they rely on most people not being able to do that. If you question them, they’ll make up a reason and say it’s nothing to worry about.
If they downloaded and installed anything, you need to assume they installed malware.
They could have done something you wouldn’t see
Here’s where things get difficult.
It is possible that the remote connection set up by the scammer included connections you could not see.
Perhaps a sleight-of-hand move while they’re confusing you with the Event Viewer allowed them to run a program and set up a malicious backdoor connection. Perhaps the type of remote connection they set up allowed them to bypass your firewall. Perhaps this back door will keep running after you’ve hung up, allowing them access any time in the future.
Perhaps, perhaps, perhaps.
Maybe the entire time they had you on the line, they were surreptitiously loading your machine up with all sorts of malware, such as malware that could steal your credentials as you use your machine long after disconnecting.
From what I’ve heard, it’s not common, but it has happened.
Assume you’re infected
The safest thing for you to do, of course, is to assume your machine has been infected.
What you need to do next depends on what you experienced, what you find, and your level of security and/or paranoia.
Here’s what I would do.
- Immediately run a full anti-malware scan with your installed security software. In Windows 10 and 11, that’s most often Windows Defender.
- Run an additional full scan using the free version of Malwarebytes Anti-malware.
- Keep a close eye out for any behavior that looks the least bit suspicious, incorrect, or, most importantly, new.
If that all comes up clean, then it’s probably enough, but of course, it’s still not a guarantee.
If there’s even the slightest problem with the scans or the computer’s behavior, or if “probably” is not good enough for your peace of mind, you really have only one solution: the nuclear option.
- Back up.
- Reinstall Windows from scratch.
- Reinstall your applications from scratch.
- Restore your data from the backup or elsewhere.
And learn from the experience.
Do this
Don’t let strangers take remote control of your system.
If it’s too late and you already have, scan your system, watch it for unexpected behavior, and be prepared to reinstall from scratch if you’re not certain it wasn’t compromised.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
The scammer may also have just pretended to have gained remote access to the victim’s computer for the sole intent of getting 250 bucks from the victim to correct all the “errors” he or she “found.” There could very well be no malicious changes to the victim’s device. Stay watchful and carry on. Eternal vigilance is the price we pay for freedom from malware.
Reading the article I got the impression that a technical service repairing a computer by a remote connexion should be distrusted automatically.
I had three cases wherin I didn’t see how to solve the problem…So I found on Google a trusted site
(checked by Avast) offering for the fixed price of 75 dollars to scan my computer and if possible repair
the computer. So my computer was scanned and they send me a full report on what was wrong.
I paid the 75 dollars…and they repaired my computer. Afterwords I have done the checks you mention in your article. Everything was allright and no subsequent bizar situations.
I have also a specialist in the computer branche who I met first on skype. Afterwords we used
Team Viewer and everything went for the best.
All depends if you can trust the other on the other side of the line. I agree, this is not automatically
evident….but the system can be very usefull.
It’s definitely useful technology, but the problem is that it’s being abused by less-than-trustworthy individuals. It really is all about trust and making absolutely certain that you can trust someone before allowing them to access your machine. Honestly, that applies not only to remote access, but any kind of access.
About 9 months ago, I fell for the same type of scam. In my case, I did a search for help with a printer driver, and actually went to a web site that offered Brother technical support–or so it said–and then, just like the person in the original question, I gave access to my PC desktop, the nice young man on the phone found multiple problems, asked for money–a bell finally rang in my brain, I got out of there, realized the website where I had gone was not Brother’s official site, panicked, ran to my husband and son, and in the end, backed up files (which I do multiple times daily anyhow)–and bought a new computer. The good news is my old computer was eight years old and badly needed replacing. The other good news is that probably everything was fine. The bad news is that I was totally humiliated. Dumb dumb dumb….
I balk at the word “dumb”. There was no stupidity involved. Yep, perhaps you trusted a little too easily, and were somewhat ignorant of the scope of the problem, but neither of those issues are “dumb”. They’re simply a lack of knowledge; knowledge which you now have.
The fact that your computer was 8 years old may have been a good reason to replace the machine, but malware is never a reason to get rid of a computer. If you still have the old one, you can reinstall Windows and continue to use it.
My Computer Is Infected with Malware. Should I Just Throw It Out?
My Computer Is Infected with Malware. Should I Just Get a New Computer?
I have had several of these scam calls from “technicians” claiming to be calling from either Dell or Microsoft. Being a retired (former) computer professional with time on my hands I always give them remote access. However, the remote access is only to a virtual machine that I keep around. It’s amusing to play the dumb computer user while watching them waste their time trying to hack a non-existent computer. For those scammers smart enough to detect that they are remoting into a virtual machine I usually reserve a few choice words or phrases.
Good times.
love it!!! Good for you!!! Bravo!!!
I constantly get scammy phone calls from “techs”, normally with strong Indian accents claiming to be from a well known companies.. I usually ask them which country they are ringing from and they always seem to lie. I ask them a few local questions which they can rarely answer correctly (often I don’t know the answer either but their attempted answers are amusing). Almost all call centers hang up on me and spoil my entertainment. Notwithstanding many millions of dollars are handed over yearly by the unwary..sad
‘