Home Page Navigation Contents Contact Sitemap Search

Secure use of remote support

Remote sup­port is a tech­nology enabling you to obtain third party help on your own device without the need to have an engi­neer on site. Finan­cial insti­tu­tions and soft­ware man­u­fac­turers also use this option in the con­text of their support/help desk facil­i­ties. How­ever, to use remote sup­port securely, you have to take cer­tain measures.

The most impor­tant points to remember:

  • Only estab­lish con­nec­tions with trust­worthy people. You should be par­tic­u­larly cau­tious if it is not you ini­ti­ating the con­nec­tion (e. g. if you receive an unex­pected phone call).
  • Use an encrypted connection.
  • Use a ses­sion pass­word or a meeting ID.
  • Don’t grant full access to your system. The person helping you should only ever be able to view your screen passively.
  • Con­sider that every­thing shown on your screen can be seen and also recorded by the other side.
  • Enter as few pass­words during the ses­sion as possible.
  • Don’t surf to any Internet pages which have nothing to do with the ses­sion - even if you are asked to do so.
  • Make sure that the remote sup­port con­nec­tion is ter­mi­nated after availing your­self of any help, to stop any fur­ther access to your device.

Many com­pa­nies use remote sup­port soft­ware to enable their sup­port staff to have a quick look at a user’s machine without the need of someone having to go visit them on site straight away.

Unfor­tu­nately, this tech­nology is also abused by crim­i­nals to obtain access to Internet user devices by fraud­u­lent means, for instance to cap­ture pass­words, install mal­ware or trigger an e-banking remit­tance, by pur­porting to be sup­port staff of a cer­tain com­pany. You should there­fore be careful who you trust!

Please also con­sider our info sheet “How to pro­tect your­self against fraud­u­lent sup­port calls“.

Remote sup­port soft­ware enables remote access to a third party system via a local net­work (LAN) or the Internet. In the process, the remote device desktop is dis­played on the local system and some­times also allows for it to be remotely controlled.

Fur­ther infor­ma­tion for all those interested

Invi­ta­tion

Only estab­lish con­nec­tions with trust­worthy people. You should be par­tic­u­larly cau­tious if it is not you ini­ti­ating the con­nec­tion (e. g. if you receive an unex­pected phone call). Cur­rently, a common method by attackers trying to scam you is to ring you pur­porting to be sup­port staff, for instance working for Microsoft, Apple, an IT sup­port com­pany or a finan­cial insti­tu­tion, to obtain access to your device. Any ses­sion should only be ini­ti­ated after your explicit invi­ta­tion to do so. Before you accept any con­nec­tion via their soft­ware, you should expressly have to agree to do so.

Encryp­tion

When choosing a product, you should ensure that there is a suf­fi­cient level of encryp­tion to guar­antee data cannot be trans­ferred in plain text. The key should be at least 128 bit in size.

Authen­tifi­ca­tion

Any person estab­lishing a con­nec­tion to your device must authen­ti­cate him- or her­self via a meeting ID and/or a pass­word. Depending on the soft­ware used, there are dif­ferent ways to do so. To make sure that this sen­si­tive infor­ma­tion is only received by the right person, it is best to advise the pass­word or meeting ID before­hand, by telephone.

Access rights

Don’t grant full access to your system. The person helping you should strictly only ever be able to pas­sively view your screen and give you instruc­tions. This ensures that you still have exclu­sive con­trol over your system and that no unin­tended changes can be implemented.

Screen cap­ture

Please note that sup­port ses­sions can be recorded. Any­thing appearing on your screen during this ses­sion can be viewed and cap­tured by the other party.

Ses­sion

Enter as few pass­words as pos­sible during the ses­sion (ide­ally none at all), and don’t surf to any Internet pages which have nothing to do with the ses­sion. If for instance it is a finan­cial insti­tu­tion pro­viding you with sup­port, make sure you only ever remain on the web­site of the finan­cial insti­tu­tion involved.

Ter­mi­na­tion

Make sure that the remote sup­port con­nec­tion is ter­mi­nated after availing your­self of any help, to stop any fur­ther access to your device. While the con­nec­tion is still active, a remote sup­port infor­ma­tion screen which cannot be hidden should per­ma­nently be dis­played on your screen. Please follow the instruc­tions in the soft­ware documentation.

What else would you like to learn about security when e-banking?

Reg­ister for a course now
and learn more:

Basic course

Find out about cur­rent Internet threats and some easy pro­tec­tive mea­sures, and how to securely use e-banking.

fur­ther information

Online course mobile banking/payments

Find out about mobile banking, mobile pay­ments and how to securely use these apps.

fur­ther information

Online course for the under-30s

Learn how to use your smart­phone securely. Next to basics, we will show you what you should know about social media, clouds, mobile banking and mobile payments.

fur­ther information

Course for SMEs

Is your organ­i­sa­tion suf­fi­ciently secure? Learn which mea­sures you can take to sig­nif­i­cantly strengthen your organisation’s IT security.

fur­ther information