PanicStation.org
UK USA
us Technology & digital loss remote management enabled • screen sharing turned on • unauthorized remote access • someone can see my screen • remote control notification • computer intrusion warning • unexpected admin access • mac screen sharing alert • windows remote desktop enabled • remote assistance turned on • device is being managed • mdm profile installed • unknown device access • suspicious login device • account takeover suspicion • tech support scam remote access • remote tool installed • privacy breach on device • laptop being controlled • employer managed device surprise

What to do if…
you receive a notification that screen sharing or remote management was enabled without your consent

Short answer

Disconnect the device from the internet right away to stop live remote access, then secure your primary accounts (email and Apple/Microsoft/Google) from a different trusted device.

Do not do these things

  • Don’t approve prompts to “Allow”, “Trust”, or “Enable” anything you didn’t initiate.
  • Don’t call numbers in pop-ups or “support” messages, and don’t let anyone talk you into installing remote tools.
  • Don’t log into banking, payroll, or password manager accounts on the affected device until you’ve contained the situation.
  • Don’t wipe the device immediately if you may need evidence for an employer, insurance, or a report—take a few screenshots first.
  • Don’t assume it’s harmless if settings are locked, you see new admin accounts, or you get “your device is managed” messages you didn’t expect.

What to do now

  1. Cut off access: disconnect now.
    Turn on Airplane mode, disable Wi-Fi and Bluetooth, and unplug Ethernet. If you suspect multiple devices are affected on your home network, consider briefly taking the network offline while you stabilize.
  2. Preserve the basics (fast).
    Take screenshots/photos of the alert(s), the time/date, and any app/service name shown (for example “Remote Desktop”, “Remote Assistance”, “Remote Management”, or a remote-control app name).
  3. Check if this is legitimate device management.
    If this is a work/school device or uses employer logins, pause and contact your IT/helpdesk through a known internal channel. Remote management can be legitimate on managed devices, and they need to confirm whether this change was authorized.
  4. Disable remote features you can see.
    Without reconnecting to the internet if possible, go to system settings and turn off:
    • Screen sharing/remote management
    • Remote desktop/remote assistance
    • Any “allow remote control” or “accessibility control” settings you didn’t enable
      If controls are locked/greyed out or the device says it’s managed unexpectedly, treat it as a serious indicator and continue.
  5. Check for new admin access or new management profiles.
    Review:
    • User accounts (especially administrators)
    • Device management / profiles / management certificates
      If you find suspicious entries, document names with screenshots before removing anything.
  6. From a separate trusted device, secure the accounts that can “re-own” the device.
    Start with email, then Apple ID/Microsoft account/Google account, then any work SSO:
    • Change passwords (unique, strong).
    • Turn on MFA.
    • Sign out of other devices/sessions and remove unknown devices.
  7. Remove remote-control tools and scan the device.
    Uninstall any remote access apps you didn’t install, and run a full, up-to-date security scan. If you believe a scammer had access, consider a reset after you’ve secured your accounts.
  8. If you can’t trust the device, plan a clean reset.
    A full reset/reinstall and restoring from a known-good backup is often the safest way to regain control. If this is a work device, coordinate with IT.
  9. Report if it appears criminal, extortionate, or you lost money/data.
    • File a complaint with the FBI’s Internet Crime Complaint Center (IC3). Under stress, don’t rely on search results or pop-up links—type the address directly and double-check the domain before entering personal info.
    • If it was a tech support scam attempt, report it to the FTC (ReportFraud) as well.
    • If you’re in immediate danger or an active crime is occurring, call 911.

What can wait

  • You don’t need to diagnose the exact malware or attacker method right now.
  • You don’t need to argue with “support” callers or respond to threatening messages.
  • You don’t need to decide on replacing hardware today—containment and account control come first.
  • You don’t need to notify everyone at once; start with accounts and any employer/school IT.

Important reassurance

This kind of alert can feel violating and urgent. Taking the internet connection away, capturing a little evidence, and securing the accounts that control the device are the fastest actions that reduce risk.

Scope note

These are first steps for stabilization and harm reduction. Depending on whether the device is employer-managed, and whether money or identity information is involved, you may need additional help from IT, your bank, or official reporting channels.

Important note

This is general information, not professional security or legal advice. Device menus vary by operating system and workplace policies. If you’re uncertain, prioritize disconnecting, securing key accounts from a trusted device, and using official support/IT channels.

Additional Resources
Support us