Remote Desktop Scams: How Cybercriminals Steal Your Money with AnyDesk and TeamViewer

Written By Bálint Hada

Introduction: An Old Trick with a New Face

In recent years, there has been a surge in cybercrime cases—especially in Europe—where scammers pose as bank employees or service providers and convince victims to install remote desktop software such as AnyDesk, TeamViewer, or RustDesk. Once installed, this software gives the attacker full access to the victim’s device, allowing them to log into their internet banking and transfer all available funds.

This form of fraud, often referred to internationally as “screen-sharing scams” or “AnyDesk scams,” is particularly dangerous because it relies heavily on social engineering and the victim’s cooperation.

How Victims Are Manipulated into Installing Remote Access Software

Social Engineering and Psychological Manipulation

These attacks succeed mainly due to psychological tactics. Scammers typically call the victim unexpectedly, posing as a representative from a bank or a well-known service provider. They claim there's an urgent issue—suspicious transactions, fraud attempts, or technical errors on the victim's account—and insist that immediate action is required.

To add credibility, the attacker may spoof the caller ID to display the bank’s official customer service number. They often speak confidently and use industry-specific jargon to come across as legitimate professionals. In many cases, the scammers are fluent in the local language and trained to sound trustworthy, reducing the likelihood of suspicion.

Fake Justifications and Scenarios

Scammers give seemingly logical reasons to persuade victims to install remote desktop software. Common excuses include:

  • Security verification or fraud mitigation: They claim suspicious activity has occurred and they need to “secure” the account remotely.

  • Fake antivirus installation: The remote software is described as a “security tool” needed to remove malware.

  • Refund or prize scam: Victims are told they’re entitled to a refund or have won a prize, and they need to install software for “identity verification.”

During the call, the victim is carefully guided step-by-step: downloading the software, installing it, and providing the access code. The scammer often preempts and dismisses any warnings shown by the software (e.g., that remote control may compromise security), explaining it’s part of a “new bank security protocol.”

The Technical Steps of the Attack

Once the software is installed and the attacker is connected, the scam progresses rapidly.

Step 1: Remote Access Gained

Remote desktop tools generate unique IDs or session codes. The scammer asks for this code or instructs the victim to approve a session. Once connected, the attacker can fully control the device, moving the mouse, typing, and opening applications as if sitting at the desk.

Step 2: Banking Credentials Stolen

Several techniques are used to harvest banking information:

  • Direct observation: The scammer asks the victim to log in to their online bank account “for verification.” Login credentials and even two-factor authentication codes are captured in real-time.

  • Dictation method: In some cases, the scammer outright asks for card details, online banking usernames and passwords, or SMS authentication codes—claiming these are needed to "block suspicious activity."

  • Hidden activity: Some remote tools allow attackers to blank the screen or hide their activity, making it harder for victims to realize what’s happening. Attackers can quietly log in to online banking using stolen credentials and initiate transfers in the background.

Step 3: Money Transferred Out

Once inside the online bank, attackers immediately begin transferring money—often to mule accounts, foreign banks, or crypto platforms. Transfers might happen in multiple small amounts to avoid detection. Some scammers maintain contact with the victim for hours or even days, using pretexts like “continued monitoring” or “technical checks.”

Step 4: The “Secure Account” Scam

In many cases, scammers convince the victim to initiate the transfers themselves. They claim the money must be moved to a so-called “secure account” to protect it from hackers. This account is, of course, under the attacker’s control. Legitimate banks never ask clients to move money for security reasons.

Step 5: Card Abuse

If the attacker obtains card details, they may modify transaction limits via the online bank and use the card for unauthorized online purchases. Victims are sometimes tricked into approving these payments by sharing SMS codes—believing they’re confirming a legitimate anti-fraud action.

Step 6: Covering Their Tracks

Once funds are stolen, the scammer may delete the remote software, clear logs, and abruptly end the connection. Victims often remain unaware of the theft until they check their bank balance or receive transaction alerts.

Related Tactics: Phishing Links and Fake SMS Messages

Remote desktop scams are often part of larger campaigns that include phishing. Victims may first receive a text or email claiming a suspicious login, missed delivery, or unpaid invoice, urging them to click a link. These links often lead to fake banking websites or malware downloads disguised as tracking apps or customer support tools.

Once the victim logs in to the fake site or installs the malicious app, the attacker gains access to credentials or even full control over the device. These phishing messages may appear professional but often contain small linguistic mistakes, such as missing accents or unnatural phrasing.

Why These Scams Are So Effective

These scams work because victims are manipulated into participating. The scammer’s authority, technical jargon, and sense of urgency bypass critical thinking. Even educated and tech-savvy people have fallen for them.

Additionally, the remote desktop software itself is legitimate and widely used. Antivirus programs won’t flag them, and there’s nothing inherently malicious in installing them—unless you’re doing so under pressure from a scammer.

How to Recognize and Prevent Remote Access Scams

Here are practical steps you can take to avoid becoming a victim:

  • Be wary of urgency and fear tactics. If someone pressures you into immediate action, stop and think. Hang up and verify independently.

  • Don’t trust caller ID alone. Numbers can be spoofed. If in doubt, call your bank directly using the number on the back of your card or on their official website.

  • Never install software on someone’s instructions. No legitimate company will ask you to install remote desktop software.

  • Don’t share personal or banking information over the phone. This includes passwords, PINs, card numbers, and SMS codes—even if the caller seems convincing.

  • Ask verification questions. Real bank representatives can answer questions about your account history or balance; scammers cannot.

  • Ignore “secure account” requests. There is no such thing. Banks will never ask you to transfer your money elsewhere for safety.

  • Don’t click suspicious links in texts or emails. Especially if they request login or payment info. Type the URL manually or access your account through official apps.

  • Educate friends and family. Especially older relatives who may be less familiar with these tactics. Prevention starts with awareness.

If It Happens to You

If you suspect you’ve been scammed:

  • Immediately contact your bank. They may be able to block transactions and freeze access.

  • Notify the police or relevant cybercrime unit.

  • Do not blame yourself. These scams are sophisticated and prey on trust. Your quick reaction can minimize the damage and help others stay safe.

Stay alert, think critically, and remember: no legitimate organization will ask you to "protect your account" by handing over full control of your device.

Bálint Hada
Next

Understanding DDoS Attacks: Types, Mitigation, and Notorious Groups