Typical MO of scammers is to collected any cached data typically from browsers, like saved passwords, accounts, and other information. Anything that’s easy enough to grab quickly.
In most cases it’s a simple installation of a remote software, sometimes easy to find, sometimes hidden deep in appdata folders with gibberish names that look like temp files.
Safest bet is to change all passwords and wipe the PC. Of course.
You can also check the system event logs and see if there where any installations during the time the scammer had access. Likely as soon as the scammer achieved access.
Best of luck! A hard lesson but hopefully a lesson well learned.
I see plenty of these situations.
How long did he have access?
Typical MO of scammers is to collected any cached data typically from browsers, like saved passwords, accounts, and other information. Anything that’s easy enough to grab quickly.
In most cases it’s a simple installation of a remote software, sometimes easy to find, sometimes hidden deep in appdata folders with gibberish names that look like temp files.
Safest bet is to change all passwords and wipe the PC. Of course.
You can also check the system event logs and see if there where any installations during the time the scammer had access. Likely as soon as the scammer achieved access.
Best of luck! A hard lesson but hopefully a lesson well learned.