What to Do After a Fake Apple Support Call or Pop-Up
Recovery steps if you called the number, gave remote access, or pasted a command into Terminal.
If you called the number or gave remote access
- Disconnect from Wi-Fi and Ethernet immediately
- Open System Settings → General → Sharing and turn off Screen Sharing, Remote Login, and Remote Management
- Open Applications and uninstall any remote-access tool they had you install (TeamViewer, AnyDesk, LogMeIn, Quick Assist, Zoho Assist)
- Restart your Mac and run a Malwarebytes scan
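To confirm the sharing services are off and none of the tools listed above remain, a shell script like the one below can be run in Terminal. It is an added example, not part of the original guide; the function names are made up for illustration. It assumes the tools are installed as app bundles in /Applications and that Remote Login and Screen Sharing listen on their default ports (22 and 5900).

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): check that the steps above took effect.

# Tool names from the guide's list, lowercased with spaces removed for matching.
REMOTE_TOOLS="teamviewer anydesk logmein quickassist zohoassist"

# Print app bundles in DIR (default /Applications) whose name contains a listed tool.
find_remote_tools() {
  dir="${1:-/Applications}"
  for app in "$dir"/*.app; do
    [ -e "$app" ] || continue          # no .app bundles at all
    name=$(basename "$app" .app | tr -d ' ' | tr '[:upper:]' '[:lower:]')
    for tool in $REMOTE_TOOLS; do
      case "$name" in
        *"$tool"*) printf '%s\n' "$app"; break ;;
      esac
    done
  done
}

# Read `netstat -an` output on stdin and report sharing services still listening.
# Assumed default ports: 22 = Remote Login (SSH), 5900 = Screen Sharing or
# Remote Management. macOS writes the local address as "address.port".
sharing_still_listening() {
  awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
         n = split($4, part, "."); port = part[n]
         if (port == 22)   found["Remote Login (port 22)"] = 1
         if (port == 5900) found["Screen Sharing or Remote Management (port 5900)"] = 1
       }
       END { for (s in found) print s }' | sort
}

# On a Mac, run both checks. No output means nothing was found.
if [ "$(uname)" = "Darwin" ]; then
  find_remote_tools /Applications
  netstat -an | sharing_still_listening
fi
```

Any line of output names something that still needs to be removed or switched off; the check only covers the default install location and default ports, so it does not replace the Malwarebytes scan.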
If you paid them
- Contact your bank and request a chargeback — explain it was a tech-support scam
- Cancel the card the payment was on
- If you used a gift card, contact the card issuer immediately — some can reverse unspent balances
If you pasted a Terminal or Script Editor command
Treat the Mac as compromised. Atomic Stealer (AMOS) and similar malware harvest browser passwords, crypto wallets, and Keychain entries within seconds.
- From a different device, change passwords for: email, banking, Apple ID, password manager, crypto exchanges
- Sign out of all sessions in Apple ID, Google, and your password manager
- Run a Malwarebytes scan on the Mac and remove anything flagged
- Consider a clean macOS reinstall if the Mac stored crypto wallet keys