cybersecurity Phishing Scams

Remote Access Scams on the Rise

Australia’s Scamwatch has just reported a sharp rise in remote access scams. This cyberthreat is also prevalent in the UK and around the globe. So what are remote access scams and what should you look out for to avoid falling victim to one yourself?

What is a Remote Access Scam?

Through phone calls, SMS messages and emails, scammers pretend to be from real companies and try to convince their victims to download software that then allows them remote access to that computer or smartphone or tablet.

As knowledge of cybercrime increases among consumers and employees, scammers use this to prey on the growing fear of viruses and malware, and of losing money to fraud and identity theft. They use realistic-seeming messages to create a false sense of urgency, and give victims little opportunity to verify the caller. They push people to provide private information such as passwords, or to download software that, the scammers say, will help them to quickly remedy the “threat”.

A multi-million dollar industry

The ACCC’s Scamwatch reported that cybercriminals have stolen $7.2 million AUD – about £3.8 million – through remote access scams so far in 2021. It’s a 184% increase compared to last year. A total of nearly 6,500 Australians log reports of remote access attempts, many of which involved the perpetrators acting in the guise of a well-established organisation, such as Amazon, the Police or a government body.

The UK has also experienced the damaging impact of remote access scams. In November 2020 alone, fraud victims lost over £2.1 million to cybercriminals impersonating a broadband service provider. After being persuaded to download a RAT (Remote Access Tool), the scammers were able to infiltrate the victim’s bank accounts and remove funds.

Surreptitious downloads

It isn’t only the request for passwords or to download software that can enable remote access. Scammers are able to gain access to your device remotely, even without encouraging you to download software.

There have been reports of cybercriminals impersonating an internet service provider or software company to alert customers to the fact that their WiFi is running slowly or that there has been a data breach. They direct victims to a specific website and ask them to enter a specific command prompt. Unbeknownst to them, this will activate a download or allow them to take control of a device remotely.

How to protect yourself against remote access scams

If you get an unsolicited call, text or email from any organisation requesting access to your device or asking you to download their suggested software, never comply, however insistent or reassuring they may seem.

  1. Firstly, even if you feel they might be genuine and their intentions above board, politely tell them you’ll call them back. Search for the number that appears when you do an internet search or on their website rather than the one they called you from or that they suggest you use. If it is vital to have a download, you’ll be put through to the right people. And if it is a scam, calling the affected organisation will enable them to alert customers to potential threats.
  2. If you are beginning to feel pressured or the caller is insisting you act urgently – see this as a red flag. Take your time to ask questions and learn more, or simply hang up the phone. 
  3. Remember that a bank or a reputable organisation will never ask for your password, pin over the phone, or ask you to download anything. So, if you are asked to do any of these, it’s highly likely to be a scam.
  4. It is also a good idea to report any suspicious calls involving remote access to Action Fraud in the UK, the Internet Crime Complaint Bureau in the USA, or Scamwatch if you’re in Australia.