If you've come to this post because something has just gone wrong — you're sitting at your computer right now, you let someone remote in, and your stomach is in knots — start at the section called "If it just happened." Then come back up and read the rest. The order of operations matters, and the first thirty minutes count more than the next thirty days.

If you're reading this calmly, on a normal Friday morning, this is the rescue manual. Print it. Tape it next to the computer. Make sure the people in your life who'd panic in this situation know where to find it.

The seven things that should make you hang up

If any of these happen on a phone call about your computer, the call is fake. End it immediately.

The caller asks you to install AnyDesk, TeamViewer, UltraViewer, LogMeIn, or any other program that gives them control of your screen. Real Microsoft and Apple do not do this for general support.

The caller mentions a "lifetime support license" or a "computer warranty" you don't remember buying. There is no such thing.

The caller starts running commands in a black window — netstat, tree, cmd — and tells you the output proves you've been hacked. The output of those commands proves nothing about hackers. They're using your unfamiliarity with the screen as a weapon.

The caller takes you to your bank or asks you to log in to anything financial while connected. Real support never needs to see your bank.

The caller "accidentally" overpays you a refund and asks you to send the difference back via gift card, wire, cash, or cryptocurrency. This is the signature move of every refund scam. There is no overpayment. There is no manager about to be fired.

The caller insists you stay on the phone while you go to a store, an ATM, or a Bitcoin machine. They want to keep you from talking to anyone who'd interrupt the spell.

The caller says you can't tell anyone — not your bank, not your family, not the police — because it would "compromise the investigation" or "alert the hackers." This is the most chilling step. They're isolating you. Real police, real Microsoft, and real banks have never asked anyone to keep something like this secret.

If even one of these happens, the call is the scam. Hang up.

If it just happened

If you let a "tech" into your computer in the last few hours, do these in order. Don't skip steps. The order is the rescue.

1. Disconnect. Pull the network cable, turn off your Wi-Fi, or shut the computer off entirely by holding the power button for ten seconds. Once the connection is severed, the scammer can't continue doing damage.

2. Don't reboot to "see if it's fine." Bring it as-is to a real technician — me, or anyone you trust who has a physical address. If you can't get to one today, leave the computer off until you can.

3. Move to a different device. Use your phone, a tablet, or a family member's computer for the next steps. Don't use the affected computer for anything until it's been checked.

4. Call your bank from a known number. The number on the back of your card. Tell them you've had a remote-access incident and to flag any unusual activity. If you saw the scammer touching your bank, ask about reversing recent transactions.

5. Change passwords from the clean device. Start with email, bank, and any saved-password manager. The scammer may have grabbed credentials from your browser, so any account that was logged in matters most.

6. If you bought gift cards, call the gift card issuer immediately. Apple, Target, Amazon, Google Play. Read them the gift card numbers. Some can be frozen if reported within the first hour or two.

7. If you sent a wire transfer, call your bank within 24 hours. Recall is sometimes possible, especially in the first day. The clock is real.

8. File a report at ic3.gov. This is the FBI's online complaint center. Recovery is rare but the report helps law enforcement track the rings, and some banks require it for fraud claims.

9. Don't talk to the scammer again. They'll call back. They'll text. They'll send "follow up" emails. Block the number, mark the email as spam, and don't engage. Continued contact never recovers your money — it only gives them more.

10. Consider a credit freeze. If they had access to your computer for any length of time, they may have grabbed enough information to open new accounts in your name. A free credit freeze with all three bureaus blocks that.

What you do next

After the immediate steps, the medium-term cleanup is just as important.

Watch every account for the next thirty days. Bank, credit card, email, retail logins. Scammers often sell stolen credentials before they use them, so the unauthorized activity might show up next week, not today.

Reset every saved password in your browser. Don't trust the ones that were stored when the scammer was connected. Use a password manager going forward — the free version of Bitwarden or 1Password's free tier is enough for most people.

Turn on two-factor authentication for email and bank. Most banks let you require a text code or app prompt before any login, even from your own computer. This single setting is the most useful security upgrade most people can make in twenty minutes.

Check the apps installed on your computer once it's been cleaned. AnyDesk, TeamViewer, UltraViewer, LogMeIn, and Quick Assist should all be uninstalled if they're there and you don't use them.

What's normal to feel afterward

Embarrassed. Furious. Stupid. Anxious about the next phone call. None of those feelings are warranted, but all of them are normal.

The retired teachers, the engineers, the doctors, the bank tellers — I've cleaned up after all of them this year. These scams aren't designed to fool dumb people. They're designed to fool panicked ones. That's a different problem entirely, and it can happen to anyone who answers their phone on a bad day.

If you've been hit, talk to one person you trust about what happened. Not because they need to know the dollar amount — they don't — but because keeping it secret is the one thing scammers count on. Telling someone breaks the isolation, and the isolation is half the trap.

A note for the people around the victim

If you're reading this because someone you love just got hit, the most important thing you can do is not shame them. They are already shaming themselves. They were targeted by professionals running a script that's been refined over thousands of victims. The fact that they fell for it isn't a reflection of their intelligence — it's a reflection of how good these scams have gotten.

Help them through the steps above. Sit with them while they call the bank. Drive them to the shop. Don't lecture. Don't say "I told you so." Don't ask why they didn't recognize the warning signs.

Just help.

Local to Portland?

If your computer's been touched by any of this, bring it in. First diagnostic is free, and we can usually tell you within the hour whether anything was actually compromised or whether it was theater. You don't need an appointment.

Stay sharp out there.