Online scams are becoming more dangerous and convincing every day. Cybercriminals are finding new ways to gain not just your login credentials but full control of your computer and your bank accounts. Take John from King George, Virginia, for example. He recently shared his alarming experience with us. His story is a powerful warning about how quickly things can escalate if you respond to suspicious emails. Here is what happened to John in his own words,
“I mistakenly responded to a false PayPal email notifying me of a laptop purchase. The message looked real, and I called the number listed. The person on the phone gave me a strange number to enter into my browser, which installed an app that took control of my PC. A warning popped up saying ‘software updating – do not turn off PC,’ and I could see my entire file system being scanned. The scammer accessed my bank account and transferred money between accounts. He told me to leave my PC running and go to the bank, keeping him on the phone without telling anyone what was happening. I shut everything down, contacted my bank, and changed my passwords.”
John’s quick thinking in shutting down his computer and alerting his bank helped minimize the damage. However, not everyone is as lucky.
How this scam works
This type of scam is known as a remote access scam. It often begins with a fake email that appears to come from a trusted company like PayPal. The message claims there is an issue, such as an unauthorized charge, and urges the victim to call a phone number or click a link. Once the scammer makes contact, they guide the victim to enter a code into their browser or install a program, claiming it will fix the problem. In reality, this grants the scammer full control of the victim’s computer. Once inside, scammers often search for sensitive files, access banking websites, steal login credentials, or install malware to maintain long-term access. Even if the immediate scam is stopped, hidden malware can allow scammers to re-enter the system later.
What John’s story teaches us about remote access scams
John’s close call highlights several important lessons:
Fake emails are harder to spot than ever: Scammers create emails that look almost identical to real ones from trusted companies like PayPal. They copy logos, formatting, and even fake customer support numbers.
However, a legitimate email from PayPal will always address you by your first and last name, or your business name. If your name is not at the top of the email, it is NOT legitimate. Any message that uses a generic greeting such as “Dear user” or “Dear PayPal member” should be treated with suspicion and is likely a phishing attempt.
Always double-check the sender’s email address and verify communications by visiting the official website or app directly instead of clicking links inside emails.
Remote access scams can escalate fast: Once scammers gain control of your device, they can steal sensitive data, move funds between accounts, and install hidden malware that stays behind even after the scammer disconnects. It often takes only minutes for serious damage to be done, making fast recognition critical.
Psychological pressure plays a big role: Scammers rely on creating a sense of urgency and fear. By keeping you on the phone and urging secrecy, they isolate you from help and rush you into making bad decisions. Recognizing when you are being pressured is key to breaking the scammer’s control.
Fast action can make all the difference: By quickly disconnecting his computer and contacting his bank, John limited the scammer’s access to his accounts. Acting within minutes rather than hours can stop further theft, block fraudulent transactions, and protect your sensitive information from being fully compromised.
How to protect yourself from remote access scams
Taking simple but strong security steps can protect you from falling victim:
1) Never call a number listed in a suspicious email: Scammers often set up fake phone numbers that sound professional but are designed to manipulate you into handing over control or information. Always find verified contact information through a company’s official website or app, not links/numbers provided in suspicious messages.
2) Be skeptical of unusual instructions: No legitimate company will ask you to install software or enter strange codes to protect your account. If anything seems unusual, trust your instincts and stop the communication immediately.
3) Install strong antivirus software on all devices: Antivirus programs can detect suspicious downloads, block remote access attempts, and help prevent hackers from taking over your system. Having strong antivirus protection installed across all your devices is the best way to safeguard yourself from malicious links that install malware and attempt to access your private information. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
TotalAV is easy to set up and offers real-time protection for paid users, keeping your devices safe around the clock. It includes tools to block phishing scams, remove ransomware and spyware, and clean up adware and junk files. The software also features a browser manager, system tune-up tools, and protects across Windows, Mac, Android, and iOS devices.
GET MY EXCLUSIVE CYBERGUY TOTALAV DEAL:
Please note:
1) If you're having difficulty seeing either of the above deals, do this:
- If you're on a mobile device, hold down the link above, "Copy Link", and then paste it into a private or incognito browser.
- If you're on a laptop or desktop, right click the link, "Copy Link", and then paste it into a private or incognito browser.
2) During registration you may see optional upsells you can decline. Our top pick is the core antivirus product.
3) If you need help after your purchase, you can reach TotalAV directly through their official support page here.
4) Use identity theft protection: These services monitor financial accounts, credit reports, and online activity for signs of fraud, alerting you to suspicious transactions.
Services like Identity Guard can alert you if your information is compromised and assist you in recovering from identity theft. These companies monitor personal information like your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or used to open unauthorized accounts. They can also help you freeze your bank and credit card accounts to prevent further criminal activity.
One of the best parts of my top pick, Aura Identity Protection, is its all-in-one approach to safeguarding your personal and financial life. Aura includes identity theft insurance of up to $1 million per adult to cover eligible losses and legal fees, plus 24/7 U.S.-based fraud resolution support with dedicated case managers ready to help restore your identity fast.
Exclusive CyberGuy deal: Save up to 68% today: Get Aura’s award-winning identity theft protection and credit monitoring for as low as $9/month when billed annually.
See my full list of trusted identity theft protection services and expert tips to stay safe online.
5) React immediately if you suspect a scam: Disconnect your device from the internet, contact your bank or credit card company immediately, and change your passwords, especially for banking and email accounts. Monitor your accounts closely for unauthorized activity and report the scam to the Federal Trade Commission (FTC) as well as the company that was impersonated. Acting quickly can prevent further access and limit the damage scammers can cause.
6) Use multifactor authentication (MFA): MFA adds a critical layer of security beyond passwords, blocking unauthorized logins even if credentials are stolen. Enable MFA on all accounts, especially banking, email, and payment platforms, to stop scammers from bypassing stolen passwords.
7) Update devices and software immediately: Regular updates patch security flaws that scammers exploit to install malware or hijack systems. Turn on automatic updates wherever possible to ensure you’re always protected against newly discovered vulnerabilities.
8) Employ a password manager with strong, unique passwords: Avoid password reuse, and use complex passphrases to minimize credential-stuffing attacks. A password manager generates and stores uncrackable passwords, eliminating the risk of weak or repeated credentials.
- Unlimited password storage
- Secure sharing
- Password health reports
- Auto-fill and emergency access
- Data breach monitoring to alert you if your credentials have been exposed
- A Security Dashboard with tools like the Data Breach Scanner and Password Health Checker to identify weak, reused, or compromised passwords
CyberGuy Exclusive Deal: Save 52% now with CyberGuy’s exclusive NordPass offer – Get 1 extra month FREE with a 2-year plan. Try 30 days risk-free for only $1.43 per month!
9) Never share screen access or grant remote control: Scammers exploit screen-sharing tools to steal passwords and manipulate transactions in real time. Legitimate tech support will never demand unsolicited screen access-terminate the call immediately if pressured.
10) Invest in personal data removal services: These services automate requests to delete your personal information from data brokers and people-search sites, reducing publicly available details scammers could exploit for phishing or impersonation. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.
Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.
Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.
A Texas mom says she spent the night in jail after speaking up online about dirty water in her town. The case was later dropped, but her story raises a troubling question: could something you post online ever put you at risk?
Missed this event? Sign up via the registration form and see our live recording.
See Kurt’s 2026 picks for practical tech and everyday upgrades.
- Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
- Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
- The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
CyberGuy readers get 60% off Incogni’s annual plans using the links in this article.
The service also includes a 30-day money-back guarantee, so you can try it risk-free and see how much of your information is exposed online.
Related Links:
- The urgent PayPal email scam you can’t afford to ignore
- Protect yourself from tech support scams
- Don’t click that link! How to spot and prevent phishing attacks in your inbox
Kurt’s key takeaways
John’s story is a reminder that online scams are evolving quickly and becoming more aggressive. Staying skeptical, verifying all suspicious messages, and acting quickly if something feels wrong can make the difference between staying safe and losing sensitive information. Protect your devices, trust your instincts, and remember it is always better to be cautious than to take a risk with your security.
Have you or someone you know been targeted by a scam like this? Share your experience in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
🎙 Now Streaming: My New Podcast: The CyberGuy Report
Kurt’s Top Deals
Deals move fast and inventory can be limited, so don’t wait too long.
| 🔥 Editor’s pick  Summer entertaining Ninja SLUSHi Machine (26% off) Frozen drinks and slushies at home in minutes. | |
| 💰 Top deal  Outdoor essential TYPEC Solar Bug Zapper (36% off) Solar-powered bug zappers for patios and camping. |
4 comments
This happened to me too with PayPal. Only difference is, I didn’t click on the link, I went directly to my PayPal account and the hackers had somehow gotten into it because the charge was on it too. It’s two charges for $489.00 each for bitcoin purchases. At the time I had no clue what a “bitcoin” was so I knew it was a scam. I contacted PayPal and reported it as a scam and to remove those charges from my PayPal account – to this day, PayPal refuses to investigate or remove the charges so I stopped using PayPal because they won’t allow you to close the account with open charges on it. It’s ridiculous how PayPal refuses to help in this scam and makes me wonder if they’re not in on it for some kickback. Thank you for this writeup.
I never open these types of email. I always forward a copy of Paypal threats to phishing@paypal.com. If indoubt, I always login to my credit card/bankieng or whichever account was targeted to verify nothing has transacted. If there are questionable transactions, I immediately challenge them with the card/bank other account company. I have even had the cards replaced if it were necessary.
The PayPal story is a serious issue. It happened to my brother and he was scammed for hundreds of thousands of $$$$$ from an investment account . If anyone has been scammed by this fraud they need to report not only to their banks, credit accounts plus investment accounts but also report it to the FBI (there is an online FBI website for fraud). Also report the fraud to the IRS
Closed out my 20-year-old Paypal account after learning that they can ban you for “misinformation.” Something came out in the news about this and they denied it, but if you check their Ts&Cs, you’ll see that they left it in. Scummy.