A common scam involves fake technical support tricking the victim into calling them, downloading remote access software, and allowing the scammer access to their computer.
Suppose the victim recognises the attack part way through and shuts down their computer. What should they do next?
Here's what I guess should be done:
Secure device
- Ensure computer is not connected to the internet
- Switch it on
- Uninstall remote desktop software
- Change user password used to log in to Windows (or other OS)
Inspect the damage
- Look for any new files by looking in likely locations (Desktop, Downloads, Documents etc), ordering by date created/modified, and inspecting for anything new and suspicious
- Look for any files that may have been deleted (unlikely a scammer would bother with this, but best to be sure). Check the recycle bin / trash for deleted files.
- Take an inventory of the files on your computer and be aware that the scammer could have copied any/all of them.
- If any files contained plaintext passwords, change those passwords immediately (on all websites/apps that use the same password).
- Be aware that any data stolen could be used for blackmail or identity theft.
Things I don't know
- Should the victim reinstall their operating system?
- If the device had multiple users, should other users change their passwords or just the victim?
- Could the scammer have installed software that could cause future harm, and if so, what should be done about this?
- Is there anything else to be aware of?
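
For the "look for any new files" step listed above, one way to order files by created/modified time, as an added example that is not part of the original post. The folder names come from the post; the 24-hour window and the function name `recent_files` are assumptions.

```python
import os
import time
from pathlib import Path

# Folder names taken from the locations the post lists.
LIKELY_DIRS = ("Desktop", "Downloads", "Documents")


def recent_files(roots, since):
    """Return (timestamp, reason, path) tuples, newest first, for every file
    under `roots` that was created/changed or modified at or after `since`
    (seconds since the epoch)."""
    hits = []
    for root in roots:
        # os.walk silently skips roots that do not exist or cannot be read.
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)  # lstat: do not follow symlinks
                except OSError:
                    continue  # file vanished or is unreadable
                # Creation time where Python exposes it (Windows, macOS);
                # otherwise the inode change time (Linux).
                born = getattr(st, "st_birthtime", st.st_ctime)
                # Check this first: a file copied onto the machine can keep
                # an old modified time but still has a fresh creation time.
                if born >= since:
                    hits.append((born, "created/changed", path))
                elif st.st_mtime >= since:
                    hits.append((st.st_mtime, "modified", path))
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    # Assumption: the remote session happened within the last 24 hours.
    incident_start = time.time() - 24 * 3600
    roots = [Path.home() / d for d in LIKELY_DIRS]
    for ts, reason, path in recent_files(roots, incident_start):
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(ts))
        print(stamp, reason, path)
```

Run it with the machine still offline; the output is a review list only, and nothing is deleted or changed.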