Scammers using anydesk on mobile

[sleepwouldbenice]

Hi all
Advice sought please!
A few months ago my elderly dad was targeted by scammers. We think ( not sure he has memory issues) they rang his house phone, pretended to be his bank, persuaded him to load anydesk app onto his phone

They then had control of his phone, added money transfer apps and then tried to take sums of money through "being him" and verifying emails texts etc

Luckily...ish we found out got the money back, cancelled cards etc. I have reset all passwords, put myself down as 2fa etc now. Also have access to his email

All the apps are removed and he has had a new phone.

However the other day I noticed the app was back. We checked his calls, searches etc and he hasn't been contacted. Does anyone have any ideas as to how it could have been reinstalled? I noticed someone had tried to reset his email password but failed and the app couldn't log on so I am hoping that nothing has happened this time but would like to take further preventative action if possible.

Any year other suggestions?
Thanks

I can’t help but giving your post a bump!

They will have set up a back door via the original install so that they can continue to have access. They use a virus to do this so have you run a full malware scan?

Good news is that setting up 2FA will have stopped them gaining access, and if they get a few blocked attempts that may be enough to put them off but it’s not guaranteed because if any of the 2FA verifications are set up to send a code to email and the email account is signed in on the device then they could potentially still gain access.

Disconnect from the internet. Uninstall the new version of Any desk and use your anti virus program (should be windows defender on the device even if you haven’t installed anything else in addition). Then change all the password again, sorry I know it’s annoying but if they’ve potentially had access between now and you last doing it then you need to do it again.

That should highlight and fix any issues, but if you have to then you can always failsafe to the ultimate option of wiping and reinstalling the operating system but that’s desperate measures and a pain the bum because you’ll need to back everything up and make sure you have the OS available to install.

Thank you so much for reply!
will look into all this tomorrow but just to check, would this all still apply with the device being his mobile and us having got a new ,boiler? I thought it might be something to do with his Google / play store account although tbh I get confused by the differences myself!
thanks again

Sorry missed that it was installed on a phone, yes all the same apply but your method of removal and scanning are a bit different. It’s too late for my brain to type a proper list of actions so I cheated and got AI to do it, but the below should help:

Step 1: Disconnect immediately

• Turn off your phone's Wi-Fi and mobile data to cut the scammer's connection. This is the most important first step.

Step 2: Uninstall AnyDesk

• Standard uninstall: On an Android device, navigate to Settings > Apps > AnyDeskand tap Uninstall. For an iPhone, press and hold the AnyDesk app icon and select "Remove App".
• Remove admin rights: If the uninstall option is grayed out on an Android, the scammer likely granted the app device administrator access. You must revoke these permissions first by going to Settings > Security > Device administrators, finding the malicious app, and deactivating its admin rights.

Step 3: Scan for and remove malware

• Boot into Safe Mode (Android only): Restart your phone in Safe Mode. This will prevent any third-party apps, including hidden malware, from running.
• How-to: Hold down the power button. When the "Power off" option appears, press and hold it until you see the "Reboot to Safe Mode" prompt. Tap OK.
• Install and run an antivirus scan: From the Google Play Store (in Safe Mode), download and run a reputable antivirus or anti-malware app like Malwarebytes.
• Review apps: Check your app list again for any other suspicious or unfamiliar applications. Uninstall anything you don't recognize.

Step 4: Secure your accounts

• Use a different device: Do not use the compromised phone for this step. Use a computer or another trusted device to change the passwords for all your important accounts, especially your banking, email, and social media.
• Enable multi-factor authentication (MFA): Turn on MFA for your accounts. This adds an extra layer of security that would stop a scammer even if they had your password.

Thank you so much!!!