Scam Message Checker

You installed a remote-access app for a 'support' caller

If you installed remote-access software and shared the code because of a 'support' or 'refund' call, the scammer may have seen or controlled your screen. Disconnect, remove the app, and secure your accounts from a different device. Move quickly if banking was open during the session.

Quick answer

If you installed remote-access software and shared the code because of a 'support' or 'refund' call, the scammer may have seen or controlled your screen. Disconnect, remove the app, and secure your accounts from a different device. Move quickly if banking was open during the session.

  • End the call and disconnect from the internet.
  • Uninstall the remote-access app immediately.
  • If banking was open, call your bank from another phone.
Most urgent

Do this now

  1. Disconnect the device from the internet (turn off Wi-Fi/data).
  2. Uninstall the remote-access app (AnyDesk, TeamViewer, or similar).
  3. From a different, trusted device, change your important passwords.

Understanding what happened

Installing a remote-access app for a 'support' or 'refund' caller means someone may have seen and controlled your screen - but you can shut that down. The moment you disconnect and remove the app, their access ends; the rest is checking what they touched and securing anything sensitive that was open.

These scams work by manufacturing a problem - a 'virus', an 'overpayment', a 'refund' that needs processing - and then offering to fix it if you install AnyDesk, TeamViewer, or similar and share a code. Once connected, they may open your banking, move money, install other software, or 'accidentally' overpay a refund to trick you into sending the difference back.

The biggest exposure is anything visible or logged in during the session, especially online banking. If your bank was open or money moved, call the bank's fraud line from a different phone right away. Assume passwords typed during the session, and any saved in the browser, may have been seen.

Recovery is methodical, not panicked: disconnect, uninstall, run a full security scan, then change key passwords from a separate trusted device and turn on app-based two-step verification. If the device keeps behaving oddly afterwards, a professional check or clean reset is a reasonable next step.

First 5 minutes

  1. End the call and disconnect from the internet.
  2. Uninstall the remote-access app immediately.
  3. If banking was open, call your bank from another phone.

First 24 hours

  1. Run a full security scan and update your operating system and apps.
  2. Change passwords for email, banking, and key accounts from a clean device.
  3. Turn on app-based two-step verification everywhere you can.

Next 7 days

  1. Review bank and account activity daily for the week.
  2. Check for new apps, rules, or forwarding you didn't set up.
  3. Consider a professional check if the device behaves oddly.

What not to do

  • Do not let anyone 'reconnect' to finish a refund or fix.
  • Do not enter banking details while screen-sharing software is installed.
  • Do not trust a call-back from the same 'support' number.

Evidence to save

  • The app name and the access code you shared.
  • Screenshots of the message/call details and timing.
  • Any payments or transfers made during the session.

How to save scam evidence →

How to report

  1. Gather your evidence first (screenshots, dates, amounts, any reference numbers).
  2. Report to your national fraud/cybercrime body and, if money moved, to your bank.
  3. Find the right official links for your country in the reporting directory.

Find official reporting links for your country in the reporting directory.

  • Do not use phone numbers or links from the suspicious message - look up the official ones yourself.
  • Report quickly if money was sent or ID documents were shared; speed improves your options.
  • Keep your evidence - see how to save scam evidence.

Beware 'recovery' offers afterwards: anyone who contacts you promising to get your money back for an upfront fee is running a second scam.

Stop it happening again

Never install software or share an access code because of an unsolicited call, pop-up, or email. Genuine companies don't cold-call to fix your device.

Keep your operating system and security software updated, and remove remote-access apps you don't actively use.

Related scam types

Related red flags

Related terms

This is general safety information, not legal, financial, or cybersecurity incident-response advice.

Still have the message?

Check it to understand the red flags and how to report it.

Check a message

Frequently asked questions

Could they still control my device?

Not once you disconnect and uninstall the app. Then change passwords from a clean device and scan for malware.

Should I factory reset?

If the device still behaves oddly after scanning, a reset (after backing up safely) or a professional check is reasonable.

Could they still be in my device?

Not once you disconnect from the internet and uninstall the app. Then change passwords from a clean device, run a full security scan, and watch your bank for unfamiliar activity.

Get scam safety updates

Practical scam alerts, new examples, and simple safety tips. No spam. No sensitive message data.

We only collect your email address, optional name, consent status, signup page, and signup time. See our privacy policy.