Remote Access Scams: How can your business identify and avoid them?

Have you ever allowed an IT support person to fix a technical issue by controlling your computer remotely? Over the years, remote support has cemented itself as one of the most valuable tools in tech support.

However, it’s also opened up the door to one of the most popular scam methods in the new decade. A remote-access scam is when a scammer gains unwanted access to a computer, phone or tablet for the purpose of stealing money and sensitive information.

According to Scamwatch, scammers have already stolen more than $8.1 million from Australians with remote access scams in 2021.

Not only are these scams widespread and growing in popularity, but the damage inflicted in each scam can be astronomical. People aged 55 years and over accounted for over $4.4 million in reported losses through remote access scams this year, and younger Australians reported losing $20,000 per scam on average.

So how do these scams work?

Typically, the victim will receive a phone call from a person claiming to be from a bank, telecommunications provider or other service providers. Think Telstra, the NBN or even the ATO.

Under these false pretences, the scammer will tell the victim that there is a technical issue on their device that can only be fixed with remote support. The scammer encourages the victim to download a remote access tool, which, once downloaded, allows them to take control of the victim’s device.

This ultimately results in the scammer performing a number of criminal activities, including:

• stealing the victim’s money
• viewing or downloading the victim’s sensitive information
• infecting the victim’s device with viruses for future scams.

Remote access scams are harmful enough when they target an individual. However, in 2021 they pose a major and often overlooked threat to businesses.

As a result of the pandemic, many Australian businesses have migrated their staff to working from home. While working from home certainly has its benefits, it also raises a pressing security challenge.

Sensitive business data is often taken from the workplace and shared throughout the home computers, phones and tablets of multiple employees. As such, scammers are tailoring their efforts to individual staff, attempting to gain access to their home and mobile devices for the valuable business data within.

How to avoid remote access scams

In 2021, it’s crucial that you and your employees are prepared for remote scam attempts. Here are three important steps you can take to notice and prevent remote access scams from affecting you and your business.

1. Never provide remote access to an unsolicited caller

The vast majority of service providers will not request remote access to your device, especially if they were the ones that called you. Create a list of companies and/or people that you’re willing to provide remote access to, and ensure that you and your staff do not provide remote access under any other conditions.

2. Familiarise yourself with remote access scam techniques

Conventionally, remote access scams are performed with well-known software such as Teamviewer or However, popularised work tools such as Zoom and Slack now have remote access functionality built-in. Be wary of unknown parties attempting to call through these apps, and ensure that staff know how to both identify and reject a remote access request on them.

3. Install a workplace VPN with rules to prevent remote access

If you have staff working remotely or from home, it’s essential that your workplace has enabled a VPN. Simply put, a VPN works a secure “tunnel” between your home and your workplace. By enabling a VPN, you can enforce automatic rules that prevent employees from downloading malicious remote access files in the first place.

4. Educate your workers on how to identify a remote access scam

While there is a plethora of educational content on cybersecurity, here are some basic safety rules that your staff should be aware of in regards to remote access scams.

• Be wary of any unexpected phone call from a telecommunications provider, technical support provider, or other major service providers.
• Check that the caller’s number matches the trusted phone number of their business.
• If an unexpected caller is requesting remote access to your device in order to fix a technical issue, refuse until their identity can be verified.
• If the caller is persistent and does not accept ‘no’ for an answer, end the phone call.
• Do not provide personal information or access details to an unexpected caller, such as your email and password.

Above all else, spreading awareness is the best thing that you can do to ensure the safety of your business and your colleagues. Normalise discussions about remote access scams and cybersafety in your organisation and take measured steps to ensure staff members know how to avoid them.

Remote access scams can occur at home, on the road, and even in the workplace, so make sure you never let your guard down.