So, my friend got his computer “locked” and there was a number to call a Microsoft support agent. He called it and talked to him for a while, and he got talked into letting the scammer remotely access his computer, who took him to the registry where it shows all the area and started trying to sell him an anti-virus. Once he started being marketed to, he hung up and turned the wi-fi and his laptop off. He has tax documents on his computer with private information, so just to be safe I had him file a fraud alert with TransUnion.
I was wondering, if he watched the guy remotely access his computer the whole time and the scammer never tried opening up any documents or anything, how likely is it that any files or personal information were taken? I told him to also keep an eye on bank statements and credit card statements to be extra safe. His passwords aren’t saved on his browser or anything, but I read somewhere they could have stolen his cookies and used those to log into some accounts? I don’t know, I’m just worried but I think I’ve had him take all the necessary precautions for now. Are there any other steps I should have him take?
The biggest long-term risk is they gathered enough info to steal his identity. They could sit on it for a long time. In the immediate, he should let his bank know and lock his credit. He doesn’t want someone opening an account or taking a loan in his name.
Friend temporarily fell for a tech support scam, had someone remotely access his laptop. How much damage could be done?
Open ended, but I guess the limitation is digital-realm. So for example, your friend can’t be physically infected with a disease or have a broken bone as a result of this, but otherwise there aren’t really any specific limits. Anything that your friend could have conceivably done with his computer could have been done.
if he watched the guy remotely access his computer the whole time and the scammer never tried opening up any documents or anything, how likely is it that any files or personal information were taken?
Computers can run applications that don’t have visual interfaces. Anything could have been done. All files could have been remotely copied, and worse. The attacker who convinced your friend to run some random remote access application doesn’t have to design the application in such a way as to show the victim how they’re being victimized. That expectation is an absurdity.
read somewhere they could have stolen his cookies and use those to log into some accounts?
Sure, possibly.
I think I’ve had him take all the necessary precautions for now. Are there any other steps I should have him take?
The minimum reasonable action here is a full reformat and clean operating system install, in my humble opinion. Even that might be insufficient depending on paranoia level, as UEFI malware that can survive OS reinstall absolutely exists both as a concept and as a field tested reality in the wild.
Assume that any personal data was downloaded. They could have had a script running in another session that would download anything in a list of common folders.
Your friend should assume that any login entered on that machine is compromised. They should also assume that machine itself is still compromised.
My mom fell for this scam along with paying them $500.00…. Doing a complete reformat of the computer is the only correct answer.
I am retired Navy IT. I agree that your system was compromised without you knowing. They showed you one instance of them working, while another instance was manipulating your system without your knowledge.
You need to clear out your system, and acquire a holistic security system for your system. When configured correctly, it will block any unauthorized instances, and let you know they were attempted.
Be careful out there. Always go to the official site of any company; do not click the link provided!!! It will save you a lot of hassle!!
There’s a hundred things the scammer could have done within SECONDS of gaining remote access that your friend would not have noticed. Treat the entire PC and all of its contents as compromised.
I see plenty of these situations.
How long did he have access?
Typical MO of scammers is to collect any cached data, typically from browsers, like saved passwords, accounts, and other information. Anything that’s easy enough to grab quickly.
In most cases it’s a simple installation of a remote software, sometimes easy to find, sometimes hidden deep in appdata folders with gibberish names that look like temp files.
Safest bet is to change all passwords and wipe the PC. Of course.
You can also check the system event logs and see if there were any installations during the time the scammer had access. Likely as soon as the scammer achieved access.
Best of luck! A hard lesson but hopefully a lesson well learned.
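As an added example for the defender-side check described in the comment above (this is not code from anyone in the thread), here is a PowerShell script that pulls the Windows event log entries and file-system changes that installs and remote-access tools usually leave behind during a given time window. The window boundaries ($start and $end) are placeholders to be replaced with when the remote session began and when the laptop was powered off; the event IDs used (MsiInstaller 1033/11707/1034/11724 in the Application log, Service Control Manager 7045 in the System log) are standard Windows events. Run it from an elevated PowerShell prompt on the laptop while it is still disconnected from the network.

```powershell
# Added example: triage a suspected remote-access window on a Windows laptop.
# Run elevated, with the machine offline. $start/$end are placeholders.
$start = Get-Date '2024-01-15 14:00'   # placeholder: when the scammer connected
$end   = Get-Date '2024-01-15 15:00'   # placeholder: when the laptop was turned off

# 1. Windows Installer (MSI) activity. MsiInstaller logs install/uninstall
#    completion to the Application log: 1033/11707 = installed, 1034/11724 = removed.
$msiEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'MsiInstaller'
    Id           = 1033, 11707, 1034, 11724
    StartTime    = $start
    EndTime      = $end
} -ErrorAction SilentlyContinue

# 2. New Windows services. Remote-access tools set up for unattended access
#    typically register a service; Service Control Manager logs this as event 7045.
$serviceEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7045
    StartTime    = $start
    EndTime      = $end
} -ErrorAction SilentlyContinue

# 3. Executables dropped into the user profile during the window. Portable
#    remote-access clients and non-MSI installers often land in AppData or Temp,
#    sometimes under random-looking names, and never show up in the MSI log.
$profilePaths = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP)
$newBinaries = Get-ChildItem -Path $profilePaths -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $start -and $_.CreationTime -le $end }

# 4. Autostart entries: current Run keys (all of them, since a new entry here
#    is how a tool survives a reboot) and scheduled tasks registered in the window.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$autostarts = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        Get-ItemProperty -Path $key | Select-Object -Property * -ExcludeProperty PS*
    }
}
$newTasks = Get-ScheduledTask | Where-Object {
    $_.Date -and ([datetime]$_.Date -ge $start) -and ([datetime]$_.Date -le $end)
}

# Report. Each section prints the timestamp and the message or path so the
# owner can match entries against what they watched the scammer do on screen.
Write-Output "== MSI installs/uninstalls in window =="
$msiEvents | Select-Object TimeCreated, Id, Message | Format-Table -AutoSize -Wrap
Write-Output "== Services installed in window (event 7045) =="
$serviceEvents | Select-Object TimeCreated, Message | Format-Table -AutoSize -Wrap
Write-Output "== Executables created under the user profile in window =="
$newBinaries | Select-Object CreationTime, FullName | Format-Table -AutoSize
Write-Output "== Current Run-key autostart entries (review all) =="
$autostarts | Format-List
Write-Output "== Scheduled tasks registered in window =="
$newTasks | Select-Object TaskName, TaskPath, Date | Format-Table -AutoSize
```

An empty report is not proof that nothing was installed: a tool run straight from a download without an installer, or a script that only copied files out, leaves none of these traces, which is why the rest of the thread still lands on wiping the machine and changing every password entered on it. The script is only useful for understanding what the scammer did and for cleaning up any unattended-access service before the laptop goes back online.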
Why format immediately and possibly lose important data, pictures etc? Just unplug your wifi router or block the laptop from accessing the internet via wifi router settings and turn on your laptop and see what can be salvaged or fixed. It could have been one of those scams where they pretended to do something on the laptop and then try to convince the victim to go and buy gift cards. Laptop does not have access to the internet so not much can happen. Once important things are saved and determined to not be infected with any virus then format the hard drive or just replace the storage unit from the laptop.
For sure though, change all your passwords for all the accounts you have.
They could’ve gotten basically everything and he wouldn’t know it. They would be working on taking his data in the background while he watches them remotely navigate his PC. Just because he didn’t see doesn’t mean it didn’t happen. Needs to wipe the PC most likely.
They also could still have access. Your friend needs to pull that from the internet immediately and factory reset it ASAFP!
“Your friend” is a moron. Signed every tech support specialist on the planet
It all depends whether the scammer had them set up unattended access and he wasn’t aware of it.
What I would do is first and foremost uninstall and get rid of the remote access software, whether it’s TeamViewer or AnyDesk.
And I would do that before you reconnect it back to the internet.
Consider the PC compromised and do not boot into Windows without wiping the storage drive and fresh installing Windows. There’s no telling what kind of files were silently uploaded and executed when they remoted in.
Contact the tax agency/agencies in his area. In the US, that would be the Internal Revenue Service, the state tax agency, and also the county, borough, etc., and city agencies if he files taxes with them. Request that a notation be placed on their account. The IRS (US) has downloadable forms he can complete to formally advise of potential future fraud. A PIN or other means of identifying himself on his taxes may be provided. The IRS and most state tax agencies have online sites with a wealth of information, and contact numbers. I would think that other countries have something similar.