Guide
Remote access scams: when the caller wants into your computer
The whole scam rests on one moment: you installing a program because a stranger sounded official.
Updated 14 July 20267 min readBy AngusPart of Online safety tips
A remote access scam starts with a call or popup that sounds like help: this is Telstra, or the NBN, or Microsoft, and there is a problem with your computer or your internet that must be fixed right now. The fix always involves installing a remote control program so the helpful technician can take a look.
Once that program is running, a stranger is sitting at your computer. This guide covers how the script unfolds, the tells that give it away in the first minute, and the exact steps if someone did get in, because fast, ordered action limits the damage substantially.
How the script unfolds
The calls follow a pattern because they are read from one.
- The hook: an unsolicited call or a full-screen popup with a phone number. Your internet is compromised, your computer is sending errors, your account will be cut off today.
- The install: you are talked into installing legitimate remote control software, then reading out the code that lets the caller connect.
- The theatre: fake scans and system screens designed to look alarming while they build trust.
- The extraction: you are asked to log in to your bank to receive a refund or verify your account, while the person watching controls the screen. Sometimes the screen goes black for a moment. That is when the transfers happen.
The tells, in the first minute
You do not need to out-tech the caller. Any one of these ends the call.
- It is unsolicited. Telstra, the NBN company and Microsoft do not cold-call people about infections or errors. Ever.
- There is urgency: disconnection today, fines, an account about to be emptied.
- The fix requires remote control software you did not have this morning.
- You are asked to log in to banking, read out codes, or buy gift cards while connected.
Good to know
- The remote control programs themselves are legitimate tools used by real IT support. The scam is not the software, it is the stranger on the other end of it.
If you are on the call right now
Hang up. You do not owe the caller a goodbye, and everything they said about consequences was theatre. If a popup claims your computer is locked, do not call the number on it; closing the browser, by force if needed, or restarting the computer clears it. If you are ever unsure whether a provider genuinely called, hang up and call the provider back on the number from their real website or your bill.
If they did get in: the ordered response
Act in this order, and use a different device, like your phone on mobile data, for the sensitive steps.
- Disconnect the computer from the internet: pull the network cable or turn off its wifi. That ends their session.
- From a DIFFERENT device, call your bank immediately if you logged in to banking, made a payment, or they saw your cards. Tell them a scammer had remote access.
- From that same clean device, change your email password first, then banking, and turn on two-factor authentication.
- Uninstall the remote access program, then have the computer properly checked before trusting it for banking again, because a scammer with control can leave more behind than the one program.
- Report to ReportCyber at cyber.gov.au and Scamwatch at scamwatch.gov.au, and if identity documents were visible, call IDCARE on 1800 595 160.
Why removal alone is not the end
A scammer with control of your computer could do more than run the visible program: save your passwords from the browser, install something extra, or note details for a later, better-informed call. That is why the passwords change from a clean device, why the machine deserves a proper check, and why our guide on checking who has access to your accounts is the right follow-up sweep once the dust settles. If money moved or details were taken, the recovery path is covered in recovering after a scam.