Do Not Hand Over Remote Access Until You Verify the Request
Remote access is useful when the right IT person is helping you. It is also powerful enough to be dangerous in the wrong hands.
Scams often start with something that looks routine: a phone call, browser pop-up, WhatsApp message, email, or search ad claiming there is a problem with your computer, Microsoft account, antivirus, printer, or business email. The next step is usually the risky one. You are asked to install a remote-access tool, read out a session code, approve screen sharing, or let someone "fix" the issue for you.
For everyday office staff and small businesses in Trinidad and Tobago, the safest rule is simple:
Do not give anyone remote access to a work device until you verify the request through your normal IT support channel.
Recent guidance from the U.S. Federal Trade Commission says an unexpected tech-support call should be treated as a scam and warns that remote access can expose everything on the computer and connected network. Microsoft says scammers often use fake warnings, pop-ups, and remote-access tools to make normal system messages look like proof of a serious problem. The UK's National Cyber Security Centre adds a useful habit for any suspicious contact: stop, break the interaction, and contact the organisation directly using a trusted route.
Why this matters
If a remote session is genuine, IT can solve problems quickly.
If it is fake, the person on the other end may be able to:
- view files, emails, saved sessions, or customer information
- install malware or unwanted software
- change security settings
- capture passwords or one-time codes
- open banking, payroll, accounting, or cloud systems while you are logged in
- pressure someone into paying for fake support
That is why this is not just a home-user issue. It is a business risk.
What to watch for
Be cautious if someone:
- contacts you unexpectedly and says your device or account has a problem
- claims to be from Microsoft, Google, your bank, your antivirus vendor, or another well-known brand
- tells you to install AnyDesk, TeamViewer, Quick Assist, Chrome Remote Desktop, or another tool outside your usual IT process
- asks for a support code, password, MFA code, or payment
- pressures you to act immediately
- says you should not call your normal IT contact to verify
- shows a pop-up with a phone number and tells you to call right away
One warning sign is enough reason to stop.
Do this
- Use your normal IT support number, helpdesk, or ticketing method to verify the request.
- If you work with an MSP, use the saved contact details your company already trusts, not the details in the message or pop-up.
- Ask for a ticket number and confirm it through your usual support channel.
- Close the browser tab if a pop-up tells you to call support.
- If you are worried something might really be wrong, contact your IT provider directly using a known website or phone number.
Do not do this
- Do not let an unexpected caller control your computer.
- Do not read out a remote-access code unless you started and verified the support request.
- Do not enter passwords or MFA codes while someone unknown is watching your screen.
- Do not log in to banking, payroll, accounting, or customer systems during a suspicious session.
- Do not trust caller ID, logos, or a professional-sounding script as proof that the request is real.
Real support should not mind verification. A legitimate technician will expect it.
What to do if you are unsure
Stop before approving the session.
Call or message your manager, IT contact, or service provider using the method your company already uses. If the request claims to come from Microsoft, your bank, or another supplier, go to the official website yourself and use the contact details there.
If you already allowed access:
- disconnect the session immediately
- tell your IT team or manager what happened
- change any passwords you entered
- contact your bank quickly if payments or banking details were involved
- ask IT to check the device for malware and review other connected systems if needed
Quick reporting is better than quiet embarrassment. The sooner it is reported, the easier it is to contain.
A simple office rule
Remote access is allowed only after the support request is verified through the company's normal IT channel.
That one habit can stop a routine-looking scam from becoming a stolen password, exposed mailbox, or business payment problem.
