'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
What to do if…
you suspect someone has remote access to your computer because the cursor moves on its own
Short answer
Disconnect the computer from the internet immediately (unplug Ethernet and turn off Wi-Fi), and stop typing passwords or opening sensitive accounts until you’ve secured your key accounts from a different device.
Do not do these things
- Don’t keep “testing” by logging into email, banking, or shopping sites on that computer.
- Don’t install random “anti-hack” tools or accept help from anyone who contacted you unexpectedly.
- Don’t pay anyone to “fix it” if they approached you first (this is a common remote-access scam pattern).
- Don’t sign into password managers on the suspected computer until you’ve secured them elsewhere.
- Don’t factory reset in panic if this is a work/school device (you may wipe information your IT team needs).
What to do now
-
Isolate the computer from the internet (right now).
Unplug any network cable, turn off Wi-Fi, and disable Bluetooth if you can do so quickly. If the cursor is actively moving and you can’t safely control it, hold the power button to shut down after disconnecting from the internet. -
Use a different, trusted device to secure your most important accounts first.
Prioritise:- Email accounts (because they control password resets)
- Banking/payment accounts
- Your main Apple/Google/Microsoft account
Change passwords and sign out of other sessions/devices where the service offers it.
-
If this is a work/school computer, stop and contact your IT/helpdesk.
Tell them you suspect unauthorised remote control and that you have disconnected the device from the internet. Follow their instructions before doing scans/resets. -
Record what you observed (briefly).
Write down the date/time, what you saw (e.g., cursor movement, windows opening), and any unusual messages. If safe, take a quick photo/video from your phone. This helps if you need to report it or explain it to IT/banks. -
Once accounts are secured, check for obvious remote-access software (only if you can do this safely).
If you can safely use the computer while still offline, look for unfamiliar remote tools (for example, remote desktop apps you don’t recognise) and unfamiliar user accounts. Don’t open unknown files or click pop-ups. -
Keep it offline until you have a safe plan to clean it.
If you already have reputable security software installed, you can plan a full scan and updates once you’re confident the device isn’t being actively controlled. If you’re unsure, keep it offline and get qualified help (or follow IT instructions if it’s managed). -
If money, accounts, or personal data may be at risk, report it through the correct UK route.
- England, Wales, Northern Ireland: report cyber crime/fraud via Report Fraud (the national reporting service).
- Scotland: report to Police Scotland (typically via 101 for non-emergencies, or their online reporting).
If you believe a crime is occurring now or there’s immediate danger, use emergency services.
What can wait
- You do not need to decide right now whether you’ll wipe/reinstall the computer.
- You do not need to identify “who did it” today.
- You do not need to check every account immediately—secure email + financial accounts first, then work outward.
Important reassurance
Cursor movement can be caused by innocent issues (touchpad sensitivity, faulty mouse/USB device, accessibility tools, lag), but treating it as a possible compromise for the next hour is a safe, reversible choice. You’re not overreacting by disconnecting and protecting your key accounts first.
Scope note
This is first-steps-only guidance to stop further harm and buy time. If the computer is confirmed compromised (or if money/identity risk is involved), next steps may require specialist technical support and, in some cases, formal reporting.
Important note
This is general information, not professional or legal advice. If you believe a crime is in progress, someone is threatening you, or there is immediate risk to safety, contact emergency services.
Additional Resources
- https://www.reportfraud.police.uk/computer-hacking/
- https://www.reportfraud.police.uk/reporting-a-fraud/
- https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
- https://www.police.uk/advice/advice-and-information/fa/fraud/online-fraud/cyber-crime-fraud/
- https://www.scotland.police.uk/secureforms/c3/
- https://www.scotland.police.uk/advice/internet-safety/cybercrime/