Tech Support Scam Recovery: What to Do If You Gave Scammers Access to Your Computer

Tech Support Scam Recovery: Step-by-Step

⚠️ WARNING: Recovery scams target recent victims. After a tech support scam, scammers often call back pretending to "refund" your money — leading to MORE theft. Anyone promising to recover your money or offering a "refund" for an upfront fee is also a scammer. Verify any caller claiming to help recover your funds through our scanner first.

You got the popup. It said your computer was infected with 27 viruses. It told you to call Microsoft support immediately. You called. A "technician" asked to remote into your computer. They ran fake scans. They charged you $499 for "lifetime protection." Or maybe you noticed something was wrong mid-call and disconnected too late.

Now what?

Tech support scams cost Americans over $924 million in 2024, and older adults bear the brunt of the damage. The good news: unlike some other scam types, tech support scams have clear recovery steps with a real chance of minimizing damage — if you act fast. The next few hours matter more than the next few weeks.

Here's exactly what to do.

Step 1: Disconnect From the Internet Immediately

If the scammer had remote access to your computer, they may still be in it — even if you've "ended the call." Some remote access tools (AnyDesk, TeamViewer, ConnectWise) allow persistent connections that survive after you close the software.

Right now:

If you're on Wi-Fi: Turn off Wi-Fi or disconnect from your network
If you're on Ethernet: Unplug the cable
If you're on a laptop: Enable airplane mode

This immediately cuts the scammer's access, stops any in-progress malware downloads, and prevents them from encrypting your files or stealing more data.

Don't turn off the computer yet — we need it on for the next steps.

Step 2: Assess What the Scammer Had Access To

Think carefully about what happened during the call:

Did they:

Run software on your computer (Windows Defender scans, TeamViewer, etc.)?
Open your browser to any websites?
Access your email?
Open any banking or financial apps?
View your documents folder?
Watch you type passwords?
See any credit card numbers, Social Security numbers, or sensitive information on screen?
Ask you to log into anything "so they could check something"?
Download any files or install any software?
Move or delete files?
Ask you to go buy gift cards and read the numbers to them?

Write down everything you remember. You'll need this list for the next steps.

Step 3: Change Critical Passwords From a Different Device

If the scammer had remote access, assume any passwords you typed during the call (or passwords saved in your browser) are compromised. Change them immediately — but use a different device like your phone, tablet, or another computer. Don't use the compromised computer.

Priority password changes:

Email account — especially your primary email. If they control this, they can reset every other password you have.
Banking and financial accounts — all of them
Credit card accounts (online access)
Investment/retirement accounts
Apple ID or Google Account
Password manager (if you use one — change the master password)
PayPal, Venmo, Zelle, Cash App
Amazon account (stored payment info)
Any account with your credit card saved

Enable two-factor authentication (2FA) on every account that supports it, especially email and banking. Use an authenticator app like Google Authenticator or Authy rather than SMS when possible.

Step 4: Secure Your Computer

Reconnect the computer to the internet only after you've changed critical passwords from another device.

Run security checks:

1. Uninstall any software the scammer installed. Common remote access tools they may have installed:

AnyDesk
TeamViewer
ConnectWise (ScreenConnect)
LogMeIn
UltraViewer
Zoho Assist

Check your installed programs list (Windows: Settings → Apps; Mac: Applications folder) and uninstall anything you don't recognize that was installed during the scam timeframe.

2. Run a full antivirus scan. Windows has built-in Windows Defender — open it and run a full scan (not quick scan). Mac users can use built-in XProtect or install Malwarebytes for Mac.

3. Run Malwarebytes. Malwarebytes Free is excellent at detecting remnants of tech support scams. Download, install, and run a full scan. Quarantine or delete anything it finds.

4. Check browser extensions. Scammers sometimes install browser extensions for ongoing access. Open your browser's extension manager and remove anything unfamiliar.

5. Check the Startup folder. Malicious software often installs itself to run at startup. On Windows, press Ctrl+Shift+Esc → Startup tab. On Mac, System Preferences → Users & Groups → Login Items. Remove anything suspicious.

6. Consider a factory reset. If the scammer had extensive access or if you're unsure what they did, the safest option is a full factory reset. This is a hassle but is the only way to be 100% sure they're out. Back up your important files first (photos, documents) to an external drive, then reset the computer to factory condition.

Step 5: If You Paid Them — Recover What You Can

Different payment methods have different recovery windows.

Credit card payment: Call your credit card company immediately. Dispute the charge as fraud. Credit cards have strong consumer protections under the Fair Credit Billing Act. You typically won't be held liable for fraudulent charges if reported within 60 days. File the dispute online or over the phone today, not tomorrow.

Debit card payment: Call your bank's fraud department. File a dispute under Regulation E. Debit card protections are weaker than credit cards, but fraud disputes are still possible. The sooner you report, the lower your liability.

Bank wire transfer: Call your bank's wire department IMMEDIATELY. If the wire hasn't fully cleared (usually 24-48 hours), they may be able to initiate a wire recall. This is a legitimate banking process. Be persistent. Ask specifically for a "fraud wire recall."

Gift cards: This is the hardest recovery path, but not hopeless:

iTunes/Apple gift cards: Call Apple at 1-800-275-2273 and explain you were scammed. They sometimes freeze unused balances.
Google Play gift cards: Report at support.google.com
Amazon gift cards: Call Amazon customer service at 1-888-280-4331
Walmart/Target/Best Buy gift cards: Contact the retailer's customer service

If the cards have already been redeemed by the scammer (which happens fast), recovery is unlikely — but report anyway for documentation purposes.

Cryptocurrency payment: See our Crypto Scam Recovery Guide for detailed steps.

Cash or check: If you sent cash or a check through the mail, file a postal inspection complaint at uspis.gov. Mail fraud is a federal crime.

Step 6: If You Gave Them Financial Access — Lock It Down

If the scammer accessed your banking or financial apps during the call (not just took payment), they now have information they can use to drain accounts over time.

Immediate actions:

1. Call your bank's fraud line. Not the main number — the fraud line specifically. Report the potential breach and ask them to:

Put a fraud alert on your accounts
Monitor for unusual activity
Issue new account numbers and cards if necessary

2. Freeze your credit at all three bureaus (Equifax, Experian, TransUnion). This prevents new accounts from being opened in your name. Freezes are free.

3. Place fraud alerts which last one year and are also free.

4. Monitor every account for 90 days minimum. Check daily for the first week, then weekly.

5. Set up transaction alerts on all credit cards and bank accounts. Most banks can text or email you for any transaction over a threshold.

6. File an identity theft report at identitytheft.gov.

Step 7: Report the Scam

Reports help track scam patterns, protect other victims, and occasionally lead to arrests.

Report to:

1. FTC — reportfraud.ftc.gov

2. FBI IC3 — ic3.gov

3. The company they impersonated. These companies actively track tech support scams impersonating their brand:

Microsoft: microsoft.com/en-us/concern/scam
Apple: support.apple.com (search "report scam")
Google: safebrowsing.google.com/safebrowsing/report_phish
Amazon: amazon.com/reportascam

4. Your state Attorney General

5. AARP Fraud Watch Network — 1-877-908-3360 — particularly helpful if the victim is older

Step 8: Watch Out for the Follow-Up Refund Scam

Tech support scammers often call their victims back a few weeks later with a new scam: a "refund." They claim they're going out of business, or that they accidentally overcharged you, and they want to "refund" your money. This is a second scam.

How the refund scam works:

The "refund department" calls and says you're entitled to a refund
They ask you to log into your bank account to "receive the refund"
They pretend to process a refund, then "accidentally" send you too much (a number they type into a field while they have control of your screen — no actual money moves)
They panic and beg you to return the "overpayment" — usually in gift cards, wire transfer, or cryptocurrency
You send them money thinking you're correcting an error. The original refund was fake. You just paid them again.

Red flags:

Anyone calling claiming to be from a tech company about a refund
Asking you to log into your bank account during the call
Urgency about "returning" an overpayment
Payment demands in gift cards or crypto
Requests to install remote access software again

Rule: Tech companies don't call you about refunds. Microsoft, Apple, Google — none of them cold-call customers. If you're ever unsure about a refund call, hang up and call the company directly using a number from their official website.

Step 9: Emotional Recovery

Tech support scams often target older adults, and the shame can be severe. Please know:

You were not stupid. These scams are engineered to exploit trust and urgency
The scammers are professional criminals doing this full time
Millions of people fall for tech support scams every year, including people with advanced degrees
Speaking up about what happened helps others avoid the same scam

Resources:

AARP Fraud Victim Support Line: 1-877-908-3360
National Elder Fraud Hotline: 1-833-FRAUD-11 (1-833-372-8311)
988 Suicide and Crisis Lifeline if you're struggling emotionally

How to Prevent It Next Time

Real tech companies never cold-call you. Microsoft, Apple, and Google do not monitor your computer or call about viruses. Ever.
Never call a number from a popup. If a popup says you're infected, close the browser. If you can't close it, restart the computer.
Never give remote access to unsolicited callers. Real support initiated by you (through a company's official website) may use remote access, but only after you've verified the company yourself.
Don't trust caller ID. Scammers spoof Microsoft and Apple phone numbers.
If in doubt, hang up and verify. Look up the real phone number on the company's official website and call them directly.
Use our scanner to verify any phone number or link before taking action on it.

Bottom Line

Tech support scam recovery is possible, but the first 24 hours are the most important. Disconnect, change passwords from a different device, dispute any charges, secure your accounts, and report to authorities. Then watch carefully for follow-up scams — the "refund" call is coming, and it's another trap.

If you're not sure whether a caller is legitimate, trust that instinct. Hang up. Call the real company yourself. A legitimate business will always be happy to verify their contact with you through their official channels. A scammer will not.

Verify any suspicious caller or link at ScamSecurityCheck.com

Related Recovery Guides:

Related Reading: