When we think about securing our devices after a scam or cyber-attack, most of us immediately turn to antivirus software. While this is an important step, it often overlooks a dangerous and commonly used tool in fraud schemes: remote access software (RAS). Unfortunately, many victims believe their device is safe after a virus scan, but remote access software can remain undetected, giving scammers continued access to their accounts long after the initial incident.

Remote access software allows someone to connect to a device from another location, controlling it as if they were physically present. Many legitimate uses exist for RAS, such as technical support or work-from-home access. However, cybercriminals exploit this tool by tricking victims into installing RAS, allowing them to remotely control the victim’s device, steal sensitive data, and conduct fraudulent transactions.

RAS is not a virus, so it won't be flagged by traditional antivirus programs. This makes it particularly dangerous, as victims may believe their device is secure after running a virus scan, unaware that RAS is still active. Scammers often leave RAS on the device, giving them continued access to sensitive information, even after the victim has changed their passwords.

One of the biggest risks with RAS is when it’s paired with stored passwords in web browsers. Many people save their account passwords in their browsers for convenience. If RAS is installed, the scammer can access these saved passwords, no matter how many times the victim changes them. As a result, criminals can continuously log into bank accounts, email, or other personal accounts, causing further damage.

It’s critical for anyone who has fallen victim to a scam to check their device for RAS in addition to scanning for viruses. Here’s how you can check for and remove RAS from your device:

Open your device’s list of installed programs and search for any RAS tools. Common names include applications like:

• TeamViewer
• AnyDesk
• LogMeIn
• RemotePC
• GoToMyPC

Uninstall Suspicious Programs - If you find any RAS applications that you didn’t install or no longer need, uninstall them immediately. You can always reinstall them later if necessary, but for security reasons, it’s important to remove all forms of RAS from your device after a scam.

Check for Multiple RAS Programs - Scammers often install multiple RAS programs, especially if they suspect the victim may uninstall one. Be thorough and remove any RAS tools you don’t recognize.

Disable Automatic Login Features - If you store passwords in your web browser, now is the time to change this habit. Criminals can easily access your saved passwords if RAS is on your device. Consider using a password manager instead, which stores passwords securely and separately from your browser.

Monitor Account Activity - After removing RAS, regularly monitor your accounts for any suspicious activity. If you notice any unfamiliar transactions, report them immediately to your bank or financial institution.

Even after a victim realizes they’ve been scammed and changes their passwords, if RAS remains installed, the scammer can access the new passwords stored in the browser. This allows the criminal to continue operating as if nothing has changed. The scammer could even initiate fraudulent transactions from the victim’s own device, making it appear that the activity is legitimate.

This is especially problematic for retirees or those less familiar with technology. Many victims assume antivirus programs will catch all threats, but as we’ve seen, RAS is not flagged by these tools, leaving their device vulnerable for months.

By taking these steps and staying vigilant, you can regain control of your devices and stop scammers from continuing their attacks long after the initial breach.