Almost fell for "tech support" scam - what is the risk?

From your description, there is nothing to worry about. The victim just shared the screen with the attacker without giving the attacker control or giving the attacker any information.

As the victim used a common tool (TeamViewer) and not one provided by the attacker, there is no risk in the shared session.

There is no risk to the router as the attacker never had access to it.

It is not known what information the attacker saw on the screen, but perhaps the only concern is the disclosure of the IP address. This can be mitigated by turning the router on/off (which works in some instances) or asking the ISP for a new IP.


In my Uni times, when I cracked nagware, I often repackaged the original installer with my crack and whatever modifications I had done to the code, including extra files/binaries. The tools at the time were far more simple than today, but it was more difficult to pull that off.

Nothing whatsoever guarantees your friend installed a "genuine TeamViewer".

Nor does anything guarantee that, despite his "having seen" what they were doing, by the time he clicked on a binary/installer a secondary control connection had not been opened to a partner of the people talking with him, or that extra software had not been downloaded in the background.

Despite the victim having "only" installed TeamViewer, and "having seen" what was done, IMO the only sensible solution is to format the computer and install everything from scratch just in case.

It is also quite a false sense of security to assume there is nothing left if some AV solution does not find signatures. An AV won't find specially crafted binaries/scripts or "official" software left behind.


If they did not give a credit card and did not receive the file, there should not be a significant reason for concern. I would have them run a virus scan and malware detection and remove anything found.

In the US, the Federal Trade Commission put together a non-techie page about these types of scams. You might direct your friend there for some further knowledge.

It never hurts to be overprotective if you think anything might have occurred. It is all about the level of comfort the person has after the fact that their computer data is still intact.

Here is that link from the US FTC.