'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
What to do if…
you suspect someone has remote access to your computer because the cursor moves on its own
Short answer
Disconnect the computer from the internet immediately (turn off Wi-Fi and unplug Ethernet), and secure your email and financial accounts from a different, trusted device before doing anything else.
Do not do these things
- Don’t keep using the computer to log into email, banking, or shopping accounts.
- Don’t accept help from anyone who contacted you first (calls/pop-ups/messages claiming to be “support”).
- Don’t install unfamiliar “security” tools or grant remote access to “fix” the problem.
- Don’t factory reset a work/school computer without instructions from your IT/admin team.
- Don’t enter personal details into “IC3 lookalike” sites—type the official address yourself rather than clicking ads or search results.
What to do now
-
Isolate the computer from the internet (right now).
Turn off Wi-Fi, unplug Ethernet, and disable Bluetooth if possible. If you can’t safely regain control and it looks actively controlled, hold the power button to shut down after disconnecting from the internet. -
Use a separate trusted device to lock down your most important accounts.
Start with:- Email (controls password resets)
- Banking/payment apps
- Your Apple/Google/Microsoft account
Change passwords and use “sign out of all devices/sessions” where available. Turn on multi-factor authentication if it isn’t already enabled.
-
If it’s a work/school device, contact your IT/security team immediately.
Tell them you suspect unauthorized remote access and that you disconnected the device from the internet. Follow their containment steps. -
Capture a minimal record of what happened.
Note the date/time and what you saw (cursor movement, windows opening, new programs). If safe, take a quick phone photo/video. This can help IT, banks, or a report later. -
After accounts are secured, check for remote-access tools or new user accounts (only if you can do this safely).
If you can safely use the computer while offline, look for unfamiliar remote desktop/control apps and unfamiliar user accounts. Avoid clicking pop-ups or unknown files. -
Keep it offline until you have a safe plan to clean it.
If you already have reputable security software installed, you can plan a full scan and updates once you’re confident the device isn’t being actively controlled. If you’re unsure, keep the device offline and get qualified help. -
Report it if there’s financial loss, account takeover, or suspected identity theft.
- For cyber-enabled fraud/cybercrime reports, use the FBI’s Internet Crime Complaint Center (IC3).
- If you believe your identity information may have been used or stolen, report and follow recovery steps via IdentityTheft.gov (FTC).
What can wait
- You don’t need to decide immediately whether you’ll wipe/reinstall the computer.
- You don’t need to prove exactly how they got in right now.
- You don’t need to secure every single account this minute—do email + financial + primary device accounts first.
Important reassurance
Sometimes cursor movement has a benign cause (faulty mouse/USB device, touchpad issues, accessibility settings, lag). But treating it as a possible compromise for the next hour is a safe way to prevent irreversible harm—especially to accounts and money.
Scope note
This is first-steps-only guidance to stop further damage and buy time. If the device is confirmed compromised, follow-up steps may involve professional technical support, account recovery processes, and formal reporting.
Important note
This is general information, not professional, legal, or forensic advice. If you believe you’re in immediate danger or someone is actively threatening you, call emergency services.