Report a ScamFAQs

How can we help you?

Support Home
Safety PracticesSafety PracticesSafety Practices
How to Stay Safe After a Scammer Installs a RAT on Your Computer
Preventive Education
Be aware of fraud
Be aware of blackmail - sextortion scams
Be aware of other blackmail scams
Be aware of different forms of hacks
Be aware of ransomware scams
Be aware of investigative scams: scams of scams
Be aware of NFT scams
Safety Practices
New in crypto? 10 things to do to protect yourself
Using a wallet safety practices
Checking a domain
Safety practices to avoid sextortion scams
How to Stay Safe After a Scammer Installs a RAT on Your Computer
Be aware of romance scams
Safety practices to avoid hacks
Safety practices to avoid investment scams
Safety practices to avoid fraud
Safety practices to avoid blackmail
Safety practices to avoid asset recovery scams
Safety practices to avoid NFT scams
Safety practices to avoid ransomware
Recovery Insights
Understanding the recovery of stolen crypto funds and how to avoid asset recovery scammers
Reporting your case to Law Enforcement: what to include, what to expect, who to contact based on where you are based
I may have been hacked
I may have been a victim of a fraud
I may be a victim of blackmail
I may have been a victim of ransomware
I may have been the victim of a theft
Names of Private Investigative firms
U.S. Law Enforcement and Victim Support Contact Information
How to Report Crypto Crimes Effectively: A Step-by-step Guide
How to Spot Legitimate Crypto Recovery Companies
The Ultimate Guide: How to Recover Stolen Cryptocurrency

How to Stay Safe After a Scammer Installs a RAT on Your Computer

Scammers are experts at tricking people — including smart, careful people. This is not your fault. Scammers are increasingly manipulating victims into installing something called a RAT (Remote Access Tool) on their computers. This type of program allows the scammer to see the victim’s screen, move the mouse, access files, and sometimes even control bank or crypto accounts.

If this has happened to you, you are not alone — and there are clear steps you can take to stay safe.

This guide explains:

  • What a RAT is (in simple terms)
  • What you should do immediately after discovering one
  • How to remove the scammer’s access
  • Questions investigators can ask to better understand the situation

Our goal is to protect you from further loss and help investigators understand what happened.

1. What is a RAT (Remote Access Tool)?

A RAT is a program that lets another person remotely control your computer. You can think of a RAT like handing a stranger your house keys — they can walk around, look in your drawers, and take things without you seeing. These tools are sometimes used by real support technicians, but in a scam, the person on the other end is pretending to help while secretly putting your money and personal information at risk. If you ever saw your mouse moving on its own or windows opening on your computer without you touching anything, that is a strong sign someone had remote access. Scammers often disguise it as:

  • “Help” software
  • A “security check”
  • A “bank verification tool”
  • A “crypto recovery” or “trading assistant”

If a scammer has access to your computer through one of these tools, they may be able to:

  • View your screen
  • Take control of your keyboard and mouse
  • Access your email, bank, crypto exchange, or wallet
  • Steal personal information

This is why removing their access quickly is extremely important.

2. Immediate steps to protect yourself

Do these steps in order. If any step feels too hard, seek assistance rather than skipping it. Even if you’re not comfortable with technology, these steps can keep you safe:

Step 1: Disconnect the computer from the internet

Unplug the cable or turn off Wi-Fi. This immediately stops remote control.

Step 2: Stop using the computer for financial activities

Do not log into your bank, crypto exchange, or email until the computer is safe.

Step 3: Remove the remote access program

These programs can be used for legitimate help, but if a scammer asked you to install them, they should be removed. Look for any ‘remote help’ or ‘remote support’ apps that the scammer asked you to install. If you open a program and it immediately shows a 9‑digit code or ‘your ID’ to share with support, it is likely a remote access tool. These programs often include:

  • AnyDesk
  • TeamViewer
  • LogMeIn
  • GoToAssist
  • Zoho Assist
  • Supremo
  • ScreenConnect
  • QuickSupport
  • UltraViewer

If you see any of these programs on your desktop or in your list of installed software, they should be removed.

If you don’t know how to remove them, ask someone you trust or a certified technician. Do not let anyone who contacts you unexpectedly “fix” your computer.

Step 4: Contact your financial institution

Contact your bank, card provider you use by calling the number on the back of your card. Tell them someone had remote access to your computer. Ask them to:

  • Add extra security checks for transfers
  • Watch for unusual activity or freeze the account if needed
  • Note that you may be a scam victim

Ask the bank or card provider to read out recent logins and transactions with you so you can confirm anything you don’t recognize.

Step 5: Change your passwords from a different, safe device

Start with:

  • Email
  • Bank accounts
  • Crypto exchanges
  • Digital wallets

Turn on two‑step verification / 2FA (a code sent to your phone or app) wherever possible, especially for bank, email, and crypto accounts.

If you ever showed the scammer your crypto recovery words (seed phrase) or typed them while they could see your screen, move your crypto to a brand‑new wallet with a new set of recovery words. The old wallet should be treated as unsafe permanently.

Step 6: Consider a full malware scan or professional cleanup

A reputable computer technician can check if anything else was installed. Do not contact the scammer again, even if they promise to “help you get your money back.” If they call, text, or email you again, hang up or ignore the message and tell your bank or the police instead.”

3. For investigators and law enforcement: Guiding questions to understand the situation

Many victims tell us they are not comfortable with technology or feel embarrassed. The questions below are designed to be simple and non‑technical.

Below is a structured question set investigators can follow.

A. Questions to identify whether the scammer installed Remote Access Software

  1. “Did the scammer ask you to download a program so they could ‘help’ you?”
  2. “Did you share a code or session ID with them?”
  3. “Do you remember the name of the program? (AnyDesk, TeamViewer, etc.)”
  4. “Did you see the scammer controlling your mouse or typing on your screen?”
  5. “Did you leave the program installed after the call ended?”

What this helps determine: Whether a RAT program is installed and still active.

B. Questions about the victim’s computer behavior after the scam

  1. “When you turn on your computer, do windows pop up unexpectedly?”
  2. “Have you noticed your mouse moving on its own?”
  3. “Has your computer been slower than usual?”
  4. “Did you receive any follow-up calls telling you that your computer ‘has issues’?”

Why this matters: These are signs that the scammer may still have access.

C. Questions to evaluate ongoing risk to financial accounts

  1. “Did you log back into your bank or crypto account after the scam?”
  2. “Did you save your passwords on the computer that the scammer accessed?”
  3. “Have you received emails or text messages about login attempts?”
  4. “Did you give the scammer photos of your ID or any codes?”

Purpose: Determines the urgency of password resets and account monitoring.

D. Questions to guide safe cleanup steps

  1. “Do you feel comfortable removing programs on your computer?”
  2. “Do you have someone you trust who can help you with this?”
  3. “Would you like instructions on how to uninstall the software?”
  4. “Would you prefer to take the computer to a certified technician?”

Goal: Match the victim with the right level of support.

4. Quick checklist

✔ Disconnect internet

Stops the scammer immediately.

✔ Uninstall any remote access software

Use the “Add/Remove Programs” section on Windows or “Applications” folder on Mac.

✔ Restart the computer

Some access tools run only when active.

✔ Change all passwords from a different device

Phone, tablet, or a friend’s computer.

✔ Contact the victim’s bank or exchange

Flag the account for suspicious activity.

✔ Run a basic antivirus scan

Windows Defender, Avast, Malwarebytes, etc. If you don’t already have antivirus, ask a trusted person or technician to help you choose one. Avoid downloading antivirus from links sent by text, email, or pop‑up windows.

✔ If unsure, take the computer to a professional

Important for older victims who may not feel comfortable doing this.

Summary: Keeping victims safe

  • RATs give scammers dangerous control over a computer.
  • Removing them quickly prevents additional financial loss.
  • Older victims often feel embarrassed or confused — clear guidance is essential.
  • Investigators can use structured questions to understand the incident and advise next steps.

Chainabuse’s goal is to provide simple, practical, and safe instructions that anyone — regardless of age or technical knowledge — can follow.

Want help on your case? Report a scam and opt-in to get personalized support.