Hacking incident

Question

I was hacked by individuals posing as Microsoft technicians. I gave them access to my computer.

Answer 1

Hi Isidore Halberstam, 

I understand how stressful this situation can be, especially since someone pretending to be Microsoft support was able to access your computer remotely. Let’s first focus on stopping any possible ongoing access, then checking the device and protecting your accounts. 

To narrow this down, could you please confirm a few details? 

• Is this a personal Windows device, or is it managed by your work or school? 
• Do you remember which remote access app they used, such as AnyDesk, TeamViewer, Quick Assist, Remote Desktop, UltraViewer, or another app? 
• Did you enter or share any passwords, Microsoft account information, banking details, payment card details, security codes, or personal documents while they were connected? 
• Did they ask you to make a payment, buy gift cards, transfer money, install software, or create a new user account? 
• Is the computer still connected to the internet, and do you still see any remote access app running? 

In the meantime, please try the steps below: 

1,Disconnect the affected computer from the internet 

• Turn off Wi-Fi or unplug the Ethernet cable. This can help stop any active remote session while you check the device. 

2,Stop communicating with the callers 

• Please do not continue the call, chat, or any remote session with them.  

3,Change important passwords from another trusted device 

• Use a different phone or computer that was not accessed by them. Start with your Microsoft account, email account, banking accounts, and any other account you opened while they had access to your PC.  For your Microsoft account, you can review your security information here: https://account.microsoft.com/security 

4,Enable two-step verification where possible 

• For your Microsoft account and important services, turn on two-step verification or another MFA method.  

5,Remove remote access apps they may have installed 

• On the affected PC, go to Settings > Apps > Installed apps. Look for apps such as AnyDesk, TeamViewer, UltraViewer, RemotePC, remote support tools, or any unfamiliar program installed around the time of the incident. Uninstall anything you do not recognize or did not intentionally install. 

6,Run a full security scan 

• Open Windows Security > Virus & threat protection > Scan options.  Run a Full scan first. After that, run Microsoft Defender Offline scan from the same Scan options page. 

7,Check for unknown user accounts 

• Go to Settings > Accounts > Other users.  If you see an account you do not recognize, please removing it.

8,Contact your bank or payment provider if financial details were shared 

• If you shared card details, bank information, gift card codes, or made any payment, contact the bank or payment provider immediately and report possible fraud. 

9,Report the technical support scam 

• You can report the scam to Microsoft here: https://support.microsoft.com/security/avoid-and-report-microsoft-technical-support-scams 

If the PC still behaves suspiciously after these steps, such as unknown apps returning, browser pages opening by themselves, unexpected sign-in prompts, or signs of remote control, please share what you see. Depending on the result, the safest next step may be to back up your personal files and reset Windows. Thank you so much for your understanding. 

---

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. 

Answer 2

If the computer is still hacked, disconnect the internet and shut down your computer. Your next best option is to bring it to Best Buy’s geek squad for them to help you with it. Tell them everything.