How Hackers Use AnyDesk (Home PC) — Defender-Focused Explanation
==================================================================

Important note
--------------
AnyDesk is a legitimate remote-access tool used for real tech support and remote work.
This document explains how criminals misuse it at a high level so you can recognize and
prevent scams. It does NOT provide step-by-step instructions for misuse.

What AnyDesk is (and why scammers like it)
------------------------------------------
AnyDesk lets someone control a computer remotely (mouse/keyboard), view the screen, and
often transfer files or use the clipboard. Attackers like it because:
– It looks “legitimate” (it’s a real support tool)
– It gives full interactive access once you approve a session
– It can be set up for “unattended access” so they can return later
– Many people will install it if “support” tells them to

Most common scenario on a home PC: Social engineering
-----------------------------------------------------
For home users, the #1 way criminals “use AnyDesk” is by tricking you into installing it
and approving a session. Common scam themes include:
– “We’re Microsoft/Apple/your ISP—your PC is infected.”
– “Your bank account has fraud—we need to secure your device.”
– “You owe a refund—let us connect to process it.”
– “A package/delivery/payment issue—verify your identity.”
They pressure you to:
1) Download AnyDesk
2) Read them the AnyDesk address/code
3) Click “Accept” / approve prompts
4) Sometimes enter Windows credentials when prompted
Once connected, they may:
– Open your browser and access saved logins (email, banking, shopping)
– Steal personal files (tax docs, scans, photos)
– Install additional programs
– Change settings to keep access

How scammers try to keep access (persistence)
---------------------------------------------
Some scammers try to turn a “one-time support session” into ongoing access by:
– Installing AnyDesk instead of running it one time
– Enabling AnyDesk to start with Windows
– Setting up “unattended access” (so they can reconnect later without asking)
– Creating other remote-access paths or adding startup items
Signs of persistence can include:
– AnyDesk launches automatically after reboot
– AnyDesk shows recent sessions you don’t recognize
– New icons/apps appear that you didn’t install
– Unusual startup behavior or new “services” related to remote tools

What they do during the session (typical criminal actions)
----------------------------------------------------------
These are high-level examples of what victims commonly report:
1) Stealing accounts and money
– Logging into email (email can reset passwords for everything else)
– Accessing banking/shopping sites
– Changing account recovery options (phone/email)
– Installing browser extensions or saving “their” access
2) Data theft
– Copying documents (tax returns, IDs, passwords stored in files)
– Transferring files out using built-in transfer features
– Using the clipboard to copy sensitive info
3) Scare tactics and fake “proof”
– Opening Event Viewer and claiming normal warnings are “hackers”
– Running built-in tools to show harmless entries as “malware”
– Showing fake invoices or fake “refund” screens
4) Installing more software (worse than AnyDesk itself)
– Password stealers, spyware, or other remote tools
– Tools that hide themselves or run at startup
– Ransomware in more severe cases

Red flags: How to spot an AnyDesk scam quickly
----------------------------------------------
– Unsolicited call/text/pop-up saying you’re hacked or owe money
– Pressure and urgency (“act now or you’ll lose access/money”)
– They ask you to install AnyDesk (or similar) and read them the code
– They ask for your bank login, one-time codes, or to “confirm” MFA codes
– They tell you to ignore warnings or not tell anyone
Golden rule:
– Legit companies do NOT cold-call you and demand remote access.
– If you didn’t initiate support, do not install remote tools.

What to do if you think you were scammed (immediate steps)
----------------------------------------------------------
1) Disconnect immediately
– End the AnyDesk session, turn off Wi‑Fi/unplug ethernet.
– Power off if you can’t regain control.
2) Remove AnyDesk (and other unknown tools)
– Uninstall AnyDesk from Apps/Programs.
– Check for other unfamiliar remote tools installed at the same time.
3) Change passwords safely (from a different device if possible)
– Start with email (most important), then banking, then major accounts.
– Enable MFA everywhere (authenticator app or security key preferred).
4) Check accounts for tampering
– Review forwarding rules in email, recovery phone/email changes, new devices logged in.
– Check bank transactions and contact your bank immediately if fraud occurred.
5) Scan your PC
– Run a full antivirus scan (Microsoft Defender or reputable AV).
– If you suspect deeper compromise, back up important files and consider a clean reinstall.
6) Consider freezing your credit (if sensitive ID info was exposed)
– Especially if the scam involved identity documents or SSN.
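
A read-only PowerShell check for the persistence signs listed earlier (auto-start, startup items, services) and for step 2 above. It is an added example, not part of the original document; the product-name list is an assumption, and the checks read only standard Windows inventory sources (services, startup commands, the Uninstall registry keys, running processes).

```powershell
# Added example (not from the original page): read-only check for remote-access
# tools that are installed, running, or set to start with Windows.
# ASSUMPTION: the product names below are an illustrative list; edit it as needed.
$RemoteToolNames = 'AnyDesk', 'TeamViewer', 'ScreenConnect', 'RustDesk', 'Splashtop'
$NamePattern = ($RemoteToolNames | ForEach-Object { [regex]::Escape($_) }) -join '|'

function Get-RemoteAccessFootprint {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    # Services: a remote tool registered here can start without anyone logging in.
    Get-CimInstance Win32_Service |
        Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $NamePattern } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'Service'; Name = $_.Name
                               Detail = "$($_.StartMode), $($_.State)"; Path = $_.PathName }
        }

    # Startup entries: Run registry keys and Startup folders, per user and machine-wide.
    Get-CimInstance Win32_StartupCommand |
        Where-Object { "$($_.Name) $($_.Command)" -match $NamePattern } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'Startup'; Name = $_.Name
                               Detail = $_.Location; Path = $_.Command }
        }

    # Installed programs: what "Apps/Programs" would list for uninstalling.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $NamePattern } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'Installed'; Name = $_.DisplayName
                               Detail = "Publisher: $($_.Publisher)"; Path = $_.InstallLocation }
        }

    # Running processes: catches a copy that was run without being installed.
    Get-Process |
        Where-Object { "$($_.ProcessName) $($_.Path)" -match $NamePattern } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'Running'; Name = $_.ProcessName
                               Detail = "PID $($_.Id)"; Path = $_.Path }
        }
}

$found = @(Get-RemoteAccessFootprint)
if ($found.Count -eq 0) { 'No matching remote-access tools found.' }
else { $found | Sort-Object Check, Name | Format-Table -AutoSize -Wrap }
```

A match for a tool you installed yourself is expected; entries you do not recognize, or that remain after uninstalling, are the ones to follow up on.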

How to prevent it on a home PC
------------------------------
– Don’t install remote-access apps at someone else’s request.
– Only use remote support if YOU initiated it and verified the company.
– Use a standard (non-admin) Windows account day-to-day.
– Keep Windows and your browser updated.
– Use a password manager + unique passwords.
– Turn on MFA for email and financial accounts.
– Back up important files (cloud + external drive) and test restores.
– Teach family members the “AnyDesk scam” pattern.

If you use AnyDesk legitimately
-------------------------------
– Keep it updated.
– Disable “unattended access” unless you truly need it.
– Use strong authentication and review trusted devices/sessions.
– Don’t leave it running if you don’t need it.

Quick checklist (printable)
---------------------------
[ ] I did not install AnyDesk because someone contacted me unexpectedly
[ ] I never share remote-access codes with strangers
[ ] Email and banking have MFA enabled
[ ] Windows and browser updates are on
[ ] Backups exist and are tested
[ ] I know how to disconnect quickly and contact my bank if needed