A caller asks you to install AnyDesk, TeamViewer, screen sharing, or support software. Once they can see or control the device, OTPs, banking screens, and passwords are exposed.
Common script
What the message or call may sound like
Install this support app so we can help you complete refund verification. Share the code shown on screen.
Mechanism
Why this scam works
It feels like normal customer support, especially when the victim is already worried about money, delivery, KYC, or refunds.
Red flags
Stop when you see these signals
Caller asks to install remote access or screen-sharing software
Request to share a device code or allow control
Bank, refund, courier, wallet, or investment context
Caller says not to disconnect or not to tell anyone
They ask you to open banking, email, or payment apps during the session
Do now
If this is happening to you
End the remote session immediately.
Uninstall the remote access app.
Change passwords from another device.
Call your bank if banking or payment apps were visible.
Review transactions, sessions, and forwarding rules.
Do not
Do not open banking apps while sharing screen.
Do not read out OTPs or remote access codes.
Do not reinstall the app if the caller insists.
Save evidence
Caller number
Remote access app name
Session code if visible
Chat messages and transaction alerts
Prevent repeat risk
Real banks do not need remote control of your phone.
Remove remote access apps after legitimate support sessions.
No. Remote access tools can be legitimate, but scammers abuse them. The danger is granting control to an untrusted caller.
What if they only watched my screen?
Screen sharing can still expose OTPs, balances, account numbers, recovery emails, messages, and payment app screens. Secure accounts if sensitive information was visible.