Remote-access scams targeting older Australians now cost an average of $17,943 per victim. Here's how the scam actually works, the five scripts that lead to the software being installed, and the single rule that prevents every version of it.
Of all the scams targeting older Australians, this is the one that scares me the most. Not because it's the most common — it isn't. Because of what the scammer walks away with.
A "Hi Mum" scam takes one transfer. A bank-fraud-alert scam takes whatever's in the account. A remote-access scam takes the entire digital life: every saved password in the browser, every banking session, every email, every photo, every document, and ongoing access for as long as the victim doesn't realise. The ACCC's National Anti-Scam Centre reports that in the first quarter of 2024, the average loss per victim of a remote-access scam was $17,943 — a 57 per cent increase on the previous quarter, and the ACCC noted that "Australians over the age of 65 are suffering the largest losses." Scamwatch's own alert describes the trend in the same terms.
This post walks through how the scam actually works, the scripts that lead to the software being installed, what to do if it's already happened, and the one rule that prevents every version of it.
The scam works because most older Australians (and a lot of younger ones) have never seen remote-access software in operation, and so they don't recognise it for what it is. Here's the sequence:
A caller convinces your parent there is a problem with their computer, internet, or bank account. They direct your parent to a website — often a real one — and instruct them to download an app. The most commonly named in Scamwatch's alerts are AnyDesk, TeamViewer, and Zoho Assist. Sometimes it's a less well-known tool like UltraViewer or LogMeIn.
Once installed, the software displays a numeric code on the screen — typically 9 or 10 digits. Your parent reads that code out to the caller. The moment the caller types it in on their end and your parent clicks "Accept", the scammer has full control: they can see the screen in real time, move the cursor, type, open files, click through banking sessions, and download anything that's on the machine.
What happens next varies, but the pattern is consistent. The scammer opens the victim's internet banking, often by clicking the saved bookmark or letting the browser autofill the login. They show your parent a "test transaction" or a "refund" that looks wrong — sometimes they're skilled enough to use Chrome's developer tools to fake the on-screen balance. They then convince your parent that money needs to be moved to a "secure holding account" while the bank investigates. Often they tell your parent to look away from the screen, or cover the screen, or even turn the monitor off entirely, while "the bank's system runs the verification". With the screen hidden, the scammer drains the account.
Even when the call ends, the scammer's access doesn't end with it. AnyDesk and TeamViewer can both be configured for unattended access — meaning the scammer can reconnect later, even after your parent has hung up and gone to bed. Until the software is uninstalled and the device's passwords are reset from a different machine, the scammer has the keys.
Almost every remote-access scam in Australia begins with one of these openings. If your parent has heard any of these, it's worth a conversation.
1. The Microsoft / tech-support script. A pop-up appears on the screen — sometimes triggered by a malicious ad, sometimes by a website your parent visited — claiming the computer is infected and to call a number "to remove the virus". The voice on the line is professional, calm, and patient. They ask your parent to "let me see what's happening" and walk them through installing AnyDesk. Microsoft has been one of the most-impersonated companies in this scam category for years.
2. The bank / fraud-team script. "I'm calling from your bank's fraud team. We've detected someone trying to access your account from overseas. To help us trace it and protect your money, I'm going to need to connect to your computer." This one is particularly effective because, unlike the Microsoft script, no pop-up needed to appear first — the caller can phone any senior cold.
3. The Telstra / NBN / internet-provider script. "This is the technical team from your internet provider. We've detected illegal activity coming from your home connection. To investigate without disconnecting your service, I need to install diagnostic software on your computer." As covered in our earlier post on phone scams, NBN Co does not cold-call retail customers about technical issues.
4. The ATO script. Less common than the others but increasingly seen. "There's been a security breach on the ATO portal involving your tax file number. To verify which transactions on your account are genuine, I'll need to share screens with you."
5. The "you've been refunded too much" script. A genuinely clever variation. "We're calling from Amazon / eBay / a software company you used to subscribe to. Our records show we've accidentally refunded you $800 instead of $80. To recover the difference, we need to connect to your computer and watch you reverse the transaction." The scammer then uses the developer console trick to show your parent a fake transaction that "needs" to be reversed by sending money back.
The common thread is that all five scripts require your parent to install software at the direction of an unsolicited caller. That's the chokepoint. If that step doesn't happen, none of the rest can.
A normal scam steals one transaction. A remote-access scam steals the platform on which every future transaction happens. Saved bank passwords. Saved card numbers. Email logins (which enable password resets on every other account). Tax records. MyGov access. Photos that can be used in follow-up scams or identity theft. And often, ongoing access that the victim doesn't realise has been retained.
The ACCC has specifically warned that scammers are now using this access to "drain entire bank accounts", with average losses already in the tens of thousands. And because remote-access scams typically involve the victim clicking the buttons themselves — even if they didn't understand what they were clicking — banks are often slower to refund these losses than they are for straightforward unauthorised-transaction fraud.
If you've just realised your parent has installed AnyDesk, TeamViewer, or any similar tool on someone else's instruction, work through this in order:
1. Disconnect the device from the internet. Pull the network cable, switch off the Wi-Fi, or shut the machine down completely. As long as the device is online, the scammer's access persists.
2. From a different device — your phone, your laptop, anything not compromised — change the passwords for online banking, email, and any account that mattered. Start with email, because email is the back-door to resetting everything else.
3. Call your parent's bank's 24-hour fraud line. Have any active transfers stopped if you can. We covered the first-hour steps in detail in our post on what to do in the first 24 hours after a scam.
4. Call IDCARE on 1800 595 160. They are Australia's free, government-funded identity-and-cyber-support service and they will build a recovery plan specific to what was exposed.
5. Take the compromised device to a technician for a clean reinstall. Uninstalling AnyDesk isn't enough. A remote-access scammer with twenty minutes of unattended control can install other tools, change settings, and leave back-doors that survive a casual uninstall. The only fully safe option for a compromised machine is a full operating system reinstall.
It's worth being clear: AnyDesk and TeamViewer are not scam software. They're legitimate, widely used remote-access tools that real IT support staff, real businesses, and real family members use every day for entirely legitimate reasons. Both companies actively work with the ACCC's National Anti-Scam Centre to identify and disrupt fraudulent use of their products.
The problem isn't the software. The problem is who's directing its installation. A legitimate IT support session looks like this: you call your IT person; they tell you what to install; you install it. The order matters. The scam version inverts that order: they call you, and they tell you what to install.
That inversion is the entire scam in one sentence.
Never install software at the direction of someone who phoned you first.
That's it. That single rule, followed consistently, prevents every variant of the remote-access scam. Microsoft will not phone you to install AnyDesk. Your bank will not phone you to install TeamViewer. The ATO will not phone you to install diagnostic software. NBN Co will not phone you at all (they sell wholesale to retail providers and don't have your number). Amazon will not phone you to reverse a refund.
If you didn't initiate the call, do not install what they ask you to install. If they say it's urgent, that urgency is itself the giveaway.
This is, in some ways, an easier conversation to have than the broader "don't trust callers" conversation, because the rule is so specific. You aren't asking your parent to second-guess every call. You're asking them to follow one rule about software installation. That's a much smaller ask, and one most older Australians will accept readily once they understand the mechanics.
A useful framing: "If anyone ever asks you to install something on your computer or phone because of a call they made to you, just hang up and ring me. You don't have to figure out whether they're real — that's my job. Just don't install anything."
That framing puts you in the role of consultant rather than enforcer, and it gives your parent a graceful out from any future scam call: "My son handles all that, I'll need to check with him." Scammers can't argue with that, and most will simply hang up.
FamilySentry sits between unknown callers and your parent's phone. Every unknown call is screened in real time by AI configured to recognise the scam scripts being run in Australia right now — including all five of the remote-access scripts above. If a caller starts walking through the Microsoft-virus pitch, the bank-fraud-team pitch, or the NBN-disconnection pitch, your nominated family members get an SMS or push alert while the call is still happening, with a summary of what's being said and the option to end the call remotely — before the software is ever installed.
Known contacts — the GP, the real bank fraud team if they call, family, friends — ring through normally. Your parent doesn't have to learn anything, change anything, or admit anything.
If you'd like to be among the first families using it when we launch publicly, you can join the founding-member waitlist — the first 100 families get three months free at launch, plus 20% off the subscription forever.
Found this useful? Share it.
The five scam patterns Scamwatch is reporting most heavily in early 2026, what each one sounds like on the phone, and the simple questions that trip every one of them up.
Australian carriers block billions of scam calls before they reach customers — and the system still leaves elderly parents exposed to the calls that matter most. Here's why network-level blocking can't see the calls that get through, and what fills the gap.
A clear, step-by-step guide for adult children of older Australians who have just been scammed — what to do in the first hour, the first day, and the first week. And the mistakes to avoid that make recovery harder.