Secure use of remote support

Remote support is a technology enabling you to obtain third-party help on your own device without the need to have an engineer on site. Financial institutions and software manufacturers also use this option in the context of their support/help desk facilities. However, to use remote support securely, you have to take certain measures.

The most important points to remember:

  • Only establish connections with trustworthy people. You should be particularly cautious if it is not you initiating the connection (e.g. if you receive an unexpected phone call).
  • Use an encrypted connection.
  • Use a session password or a meeting ID.
  • Don’t grant full access to your system. The person helping you should only ever be able to view your screen passively.
  • Consider that everything shown on your screen can be seen and also recorded by the other side.
  • Enter as few passwords during the session as possible.
  • Don’t surf to any Internet pages which have nothing to do with the session, even if you are asked to do so.
  • Make sure that the remote support connection is terminated once you have received the help you need, to stop any further access to your device.

Many companies use remote support software to enable their support staff to have a quick look at a user’s machine without someone having to visit them on site straight away.

Unfortunately, criminals also abuse this technology: purporting to be support staff of a certain company, they fraudulently obtain access to Internet users’ devices, for instance to capture passwords, install malware or trigger an e-banking remittance. You should therefore be careful who you trust!

Please also see our info sheet “How to protect yourself against fraudulent support calls”.

Remote support software enables remote access to a third-party system via a local network (LAN) or the Internet. The remote device’s desktop is displayed on the local system, and in some cases the device can also be controlled remotely.

Further information for all those interested

Invitation

Only establish connections with trustworthy people. You should be particularly cautious if it is not you initiating the connection (e.g. if you receive an unexpected phone call). A common scam at present is for attackers to ring you, purporting to be support staff, for instance working for Microsoft, Apple, an IT support company or a financial institution, to obtain access to your device. Any session should only be initiated after your explicit invitation. The software should require your express agreement before any connection is accepted.

Encryption

When choosing a product, you should ensure that it offers a sufficient level of encryption so that data is never transferred in plain text. The key should be at least 128 bits long.

Authentication

Any person establishing a connection to your device must authenticate him- or herself via a meeting ID and/or a password. Depending on the software used, there are different ways to do so. To make sure that this sensitive information is only received by the right person, it is best to communicate the password or meeting ID beforehand, by telephone.

Access rights

Don’t grant full access to your system. The person helping you should strictly only ever be able to passively view your screen and give you instructions. This ensures that you still have exclusive control over your system and that no unintended changes can be made.

Screen capture

Please note that support sessions can be recorded. Anything appearing on your screen during this session can be viewed and captured by the other party.

Session

Enter as few passwords as possible during the session (ideally none at all), and don’t surf to any Internet pages which have nothing to do with the session. If for instance it is a financial institution providing you with support, make sure you only ever remain on the website of the financial institution involved.

Termination

Make sure that the remote support connection is terminated once you have received the help you need, to stop any further access to your device. While the connection is still active, a remote support information screen which cannot be hidden should permanently be displayed on your screen. Please follow the instructions in the software documentation.
