PanicStation.org
UK USA
uk Technology & digital loss remote management enabled • screen sharing turned on • unauthorized remote access • someone can see my screen • remote control notification • computer hacked warning • unexpected admin access • mac screen sharing alert • windows remote desktop enabled • remote assistance turned on • device is being managed • mdm profile installed • unknown device access • suspicious login device • account takeover suspicion • tech support scam remote access • remote tool installed • privacy breach on device • laptop being controlled • corporate device management surprise

What to do if…
you receive a notification that screen sharing or remote management was enabled without your consent

Short answer

Disconnect the device from the internet (Wi-Fi and mobile data) to cut off any live remote access, then secure your accounts from a different trusted device.

Do not do these things

  • Don’t click “Allow”, “Trust”, or approve any pop-up prompt you didn’t request, even to “see what happens”.
  • Don’t call phone numbers shown in pop-ups or messages claiming to be “support”.
  • Don’t keep using the device for banking, email, password managers, or work logins until you’ve contained the issue.
  • Don’t uninstall or “clean up” everything immediately if you may need evidence for work/insurance/police—take a few screenshots first.
  • Don’t assume it’s “just a glitch” if you also notice new admin accounts, new device management, or unusual logins.

What to do now

  1. Get to a safer pause and cut connectivity.
    Turn on Airplane mode, switch off Wi-Fi and Bluetooth, and unplug any Ethernet cable. If it’s a home router you control and you suspect multiple devices are affected, pause and consider switching off the router briefly while you stabilise.
  2. Capture proof without interacting further.
    Take clear photos/screenshots of the notification(s), the time/date, and any app/service name shown (for example “Remote Management”, “Screen Sharing”, “Remote Desktop”, “AnyDesk/TeamViewer”).
  3. Check whether the device is supposed to be managed.
    If this is a work/school device (or you use it for work accounts), stop and contact your organisation’s IT/helpdesk using a known internal number or portal. Remote management can be legitimate on managed devices, and they need to confirm what changed.
  4. Turn off sharing/remote features you can see.
    Without reconnecting to the internet if possible:
    • On your system’s Sharing/Remote access settings, switch off screen sharing/remote management/remote login/remote desktop/remote assistance.
    • If the setting is greyed out or says the device is managed, treat that as a red flag (or a sign it’s legitimately managed)—don’t try to “hack around” it; move to the next steps.
  5. Look for a new admin account or new “device management”.
    Check:
    • User accounts: any new admin user you don’t recognise.
    • Device management / profiles: anything newly installed that claims to manage the device.
      If you find something suspicious, don’t delete it yet—note the exact names and take screenshots.
  6. From a different trusted device, secure the accounts that can control this device.
    Prioritise: your email, Apple ID/Microsoft/Google account, and any work single sign-on. Do this in order:
    • Change passwords to strong, unique ones.
    • Turn on multi-factor authentication (MFA) if it isn’t already.
    • Sign out of other sessions/devices and remove any devices you don’t recognise.
  7. Run a trusted scan and remove remote-control tools (if present).
    If you can safely do so, run an up-to-date security scan. Uninstall any remote-control apps you didn’t install (common examples are remote support tools). If you’re unsure what’s legitimate, take a photo of the installed-apps list and ask a trusted tech person or IT.
  8. If you suspect the device is compromised, plan a clean reset.
    The most reliable way to regain control is often a full system reset/reinstall and restoring from a backup made before the problem started. If the device holds work data, coordinate this with IT first.
  9. Report it if it’s criminal or involves loss.
    • If you believe you’ve been hacked or scammed in England, Wales, or Northern Ireland, report it to Report Fraud (online, or by phone).
    • If you live in Scotland or the crime happened there, contact Police Scotland (use 101 for non-emergencies).
    • If you’re in immediate danger or an active crime is in progress, call 999.

What can wait

  • You don’t need to identify “who did it” right now.
  • You don’t need to confront anyone you suspect or message the attacker.
  • You don’t need to decide today whether to replace the device—containment and account security come first.
  • You don’t need to tidy files or do a full forensic investigation before you’ve secured email and primary logins.

Important reassurance

It’s common to feel shaken and urgently want to “fix everything” at once. You’re not overreacting—unauthorised remote access can be serious. Cutting connectivity, preserving a little evidence, and securing key accounts are the quickest steps that reduce harm.

Scope note

These are first steps to stop ongoing access and prevent irreversible mistakes. If the device is managed by an employer/school, or if money/identity data may be involved, you may need specialist support (IT, bank, or reporting channels).

Important note

This is general information, not legal or technical assurance. Device menus and names vary by system and organisation. If you cannot verify a setting safely, prioritise disconnecting, protecting accounts from a trusted device, and getting help from official support/IT.

Additional Resources
Support us