Remote Support Requests: Confirm Before You Click Allow
Remote support tools are useful. They let IT fix a printer issue, install approved software, check an error message, or help a staff member who is working from home.
That same convenience is why scammers try to abuse them.
A common scam starts with a pop-up, phone call, text, email, or fake invoice that says something is wrong with your computer, bank account, antivirus, Microsoft 365 account, or subscription. The person on the other end may sound helpful and professional. Their goal is to make you install a remote support tool, share your screen, or click Allow so they can see or control your device.
Once a criminal has remote access, they may look for passwords, email, banking pages, customer records, saved browser information, or accounting files. They may also pressure you to pay for a fake repair or move money to “protect” it.
The safe habit
Only allow remote support when you know who requested it, why they need it, and how the session was arranged.
If you did not open a ticket, speak to your normal IT contact, or expect the support session, pause before giving access. Real support should not need to scare you, rush you, or make you keep the session secret.
Do this before allowing remote access
Do:
- Confirm the request through a trusted channel, such as your usual IT support number, helpdesk portal, manager, or known company contact.
- Ask what the technician needs to do before you approve the session.
- Close banking, payroll, email, customer files, and personal tabs before screen sharing starts.
- Stay at the computer and watch what is happening during the session.
- End the session immediately if the person opens unrelated files, asks for passwords, asks for payment, or tells you not to contact anyone else.
- Report any unexpected remote-support request to IT, even if you did not click anything.
Do not:
- Call a phone number from a scary pop-up or unexpected renewal email.
- Install remote access software because a stranger says your device is infected.
- Type passwords, MFA codes, banking details, or credit card information while an unknown person is viewing your screen.
- Let someone control your computer to process a refund, reverse a charge, or “secure” your money.
- Leave an unattended remote session open after the issue is finished.
- Assume a caller is legitimate just because they know your name, company, email address, or software you use.
Watch for refund and subscription tricks
Some remote-access scams pretend to be about an antivirus renewal, tech support subscription, online order, or accidental overpayment. The message may say you were charged and must call within 24 hours to cancel.
If you call, the scammer may ask to connect to your device and open a fake refund page. They may then claim a mistake was made and demand that you send money back by bank transfer, gift card, cryptocurrency, or payment app.
That is a major warning sign. Legitimate companies do not need remote control of your computer to cancel a normal subscription, and they do not ask you to repay refunds through unusual payment methods.
If you are unsure
Stop and verify. Contact your IT support team, manager, or the company using a phone number or website you already trust. Do not use the number in the pop-up, unexpected email, or text message.
If you already allowed remote access and now feel unsure, disconnect from the internet if instructed by IT, end the remote session, stop using the device for banking or sensitive work, and report it quickly. If you entered a password, change it from another trusted device and ask IT to check your account activity.
Remote support is safe when it is expected and verified. The rule for staff is simple: no surprise remote access, no secret sessions, and no clicking Allow until the request has been confirmed.
Sources: FTC Consumer Advice — How To Spot, Avoid, and Report Tech Support Scams; FTC Business Blog — Protect your business from scams and online threats this National Small Business Week; CISA Secure Our World — Recognize and Report Phishing.
