AnyDesk hacked? Remote access scam recovery steps for India

AnyDesk hacked or remote access scam: what to do first

Remote access scam recovery checklist after AnyDesk, TeamViewer, or screen share

1. Disconnect the session

   End the call, close the remote app, disconnect internet briefly if the caller may still be connected, and do not open any banking, wallet, email, or document app while following their instructions.

2. Remove remote access

   Uninstall AnyDesk, TeamViewer, QuickSupport, RustDesk, AirDroid, screen-sharing apps, unknown APKs, and any app the caller asked you to install. Also check accessibility, screen recording, device admin, VPN, notification access, and unknown app permissions.

3. Secure money channels

   Call the bank, card issuer, UPI app, wallet, or brokerage from the official app, card-back number, branch, or saved website. Ask for temporary blocks or monitoring if OTP, UPI PIN, card, account screen, or netbanking was visible.

4. Change account access from a clean device

   Use another trusted phone or computer to change email, bank, wallet, social, cloud, shopping, and recovery passwords. Log out unknown sessions and turn on two-step verification where available.

5. Check recovery settings

   Review recovery email, phone number, passkeys, backup codes, forwarding rules, logged-in devices, linked UPI IDs, saved cards, trusted beneficiaries, and auto-debit permissions.

6. Save proof before deleting everything

   Keep app name, caller number, session ID if visible, screenshots, debit alerts, UTR/reference, bank ticket, complaint acknowledgement, chat links, APK file name, and a short timeline.

Uninstalling the app is only step one

• If bank or UPI screens were open: contact the bank or wallet first, then review UPI autopay, beneficiaries, cards, limits, and recent activity.
• If OTP or UPI PIN was visible: treat it as active financial risk. Save the OTP timeline and report quickly instead of waiting for the next debit.
• If email was open: change the password, remove unknown devices, check forwarding filters, review recovery options, and protect the email before changing other accounts.
• If documents were shown: save what was visible and watch for KYC, loan, SIM, account-opening, or identity misuse attempts.
• If APKs or settings were changed: remove unknown apps, review permissions, update the phone, and consider a service-center or factory-reset route after backing up only trusted data.

Where to report a remote access scam in India

• Call 1930Use quickly when money moved recently or financial cyber fraud is active.
• National Cyber Crime Reporting PortalUse for the formal cybercrime complaint trail, acknowledgement number, and follow-up record.
• AnyDesk abuse prevention and scam reportingUse the official AnyDesk route for platform-specific scam and abuse context.
• TeamViewer report-a-scam routeUse the official TeamViewer route if that product or impersonation was involved.
• Bank freeze request after 1930 complaintUse this internal guide when you need the bank follow-up proof pack.

Proof to save for bank, 1930, cybercrime.gov.in, AnyDesk, or TeamViewer

• Remote app name, install time, caller number, WhatsApp profile, support page, ad, link, session ID, or invitation code if visible.
• Screenshots of chats, call logs, payment demands, OTP messages, app permissions, debit alerts, and the exact story used by the caller.
• Transaction details: amount, date, time, UTR/reference, bank or wallet, receiver UPI ID/account, card last four digits, and complaint ticket IDs.
• Account-risk details: email alerts, password reset notices, unknown login sessions, linked devices, changed recovery options, or new beneficiaries.
• A short timeline: when the call started, which app was installed, what was shown, what money or account access changed, and when each official route was contacted.

Use the matching ScamScan route next

AnyDesk hacked and remote access scam recovery FAQ