ANDROID SCAM VICTIMS GUIDE
Download Our Step by Step Android Scam Guide Download Our Step by Step Android Scam Guide
Android Scam Victim’s Guide
Android devices (tablets & smartphones) are more open than iPhones, which means real malware is possible, but still uncommon unless apps were installed from outside the Play Store or remote‑access was granted.
Most “virus warnings” on Android are fake pop‑ups, not infections.
NOTE: These are generic items to look for, and the settings will probably be different for manufacturers and models.Example: the iPhone, one manufacturer “Apple” and 42 iPhone models ever released, while with Android,1,300+ manufacturers and 24,000+ distinct Android phone models have been released with 300–600 new models every year.
This guide walks you through a 30‑minute, high‑risk‑to‑low‑risk audit after a scam, suspicious popup, or accidental interaction.
30‑Minute Android Security Audit
Phase 1 — Immediate Risk Check (5 minutes)
These are the highest‑danger items on Android.
1. Remove Remote‑Access Apps
Look for these apps immediately (Samsung: Settings → Apps; Pixel: Settings → Apps → See all apps):
· AnyDesk
· TeamViewer / TeamViewer QuickSupport
· Zoho Assist
· AirDroid / AirDroid Remote Support
· RustDesk
· Splashtop
· Scrcpy (Screen Copy)
· VNC Viewer
· LogMeIn Rescue (used by support scammers)
- “Device Help” apps you didn’t install
If installed:
- Open the app
- End any active session
- Uninstall the app
2. Remove Unknown Device Admin Apps
Go to: Settings → Security → Device admin apps
(Names vary: “Security & privacy,” “More security settings,” “Device admin apps”)
Note: You may have to ask your favorite AI where these settings are located on your tablet or smartphone, always include the make and model number. (free AI URLs at bottom)
Disable anything unfamiliar.
Major red flags:
- Unknown “Security Service”
- “Device Manager” from unknown vendor
- “Work Profile” you didn’t create
3. Remove Unknown VPNs
Go to: Settings → Network & Internet → VPN
Delete any VPN you don’t recognize.
Red flags:
- “Security VPN”
- “Protect VPN”
- “MobileGuard”
- Anything installed during a scam call
4. Airplane Mode (Optional without remote access software)
If you believe someone is actively connected or you find remote access software on your device then turn on Airplane mode as scammers may be able to see everything you are doing.
Turn on Airplane Mode while auditing.
Phase 2 — Google Account Security (7 minutes)
5. Check Signed‑In Devices
Go to: Settings → Google → Manage your Google Account → Security → Your devices
Remove unfamiliar devices:
6. Change Google Password
Go to:
Google Account → Security → Password
Use:
7. Verify Recovery Info
Still under Security:
Check:
- Recovery phone
- Recovery email
- 2‑Step (2FA) Verification devices
- Security keys (if used)
Remove anything unknown.
8. Ensure 2‑Step Verification (2FA) Is ON
Should show: 2‑Step Verification: On
If not, turn it on immediately.
Phase 3 — Financial & Password Risk (5 minutes)
9. Review Saved Passwords
Go to:
Settings → Google → Password Manager (In a Samsung it’s Settings>General Management> Passwords, passkeys, and autofill) then set your preferred service.
Check for:
- Breached passwords
- Reused passwords
- Weak passwords (less than 16 characters)
Prioritize changing:
- Email
- Banking
- Google account
- Shopping accounts
- Password manager
Especially if:
- Someone watched you type (remotely or over your shoulder).
- You entered credentials on a suspicious site
10. Check Banking & Payment Apps
Open each app (Venmo, Cash App, PayPal, Zelle, bank apps):
Review:
- Recent transactions
- Linked emails
- Linked phone numbers
- Notification settings
If suspicious:
- Freeze cards
- Call banks using official numbers
Phase 4 — Messaging & Phone Hijacking (4 minutes)
11. Check Call Forwarding
Go to:
Phone app → Settings → Calls → Call forwarding
Should normally be OFF.
Red flags:
- Forwarding to unknown numbers
- Forwarding to international numbers
12a. Check SMS (messaging) is NOT forwarded, if forwarded your 2FA for standard messaging will allow the scammer to read your incoming text messages.
Check App Permissions for SMS
See exactly which apps have the right to read your text messages:
Go to Settings > Apps.
Tap the three dots in the top right corner and select Permission manager.
Tap SMS.
Look through the list under "Allowed." If there is any app listed there that isn't your default messaging app (like Google Messages or Samsung Messages) or a trusted system app, tap it and change the permission to Don't allow.
Check for Universal Network Forwarding (MMI Codes)
Sometimes, text forwarding happens at the carrier level, not on the phone itself. You can audit this instantly by opening your Phone app (the dialer) and typing this code:
Dial *#61# or *#21# and press the call button. (These may vary by carrier)
A screen will pop up showing the status of your Voice, Data, and SMS forwarding. It should say "Not forwarded." If you see a phone number listed there that you don't own, call your cellular carrier immediately to have them reset your conditional call/text forwarding.
12b. Check SMS (Messaging) Access
Go to:
Settings → Apps → Special app access → SMS access
Only your messaging app should have access.
13. Check Default Phone & SMS (Messaging) Apps
Go to:
Settings → Apps → Default apps
Ensure defaults are:
- Google Messages (or your chosen app)
- Phone by Google/Samsung
Phase 5 — Scam Profiles & Browser Issues (4 minutes)
14. Remove Spam Calendars
Google Calendar spam is common.
Go to:
Google Calendar → Menu → Settings → Events from Gmail / Add-ons / Accounts
Delete unknown:
- Subscribed calendars
- Crypto calendars
- “Virus alert” calendars
15. Check Browser Settings
For Google Chrome (default browser):
Chrome → Menu → Settings → Notifications
Disable unknown sites.
Then:
Chrome → Settings → Privacy → Clear browsing data (History)
Also check:
Chrome → Settings → Site settings → Pop-ups & redirects
Block pop-ups.
NOTE: Google Chrome is not considered secure, we recommend Brave, Mozilla Firefox, or Microsoft Edge and the extension UBlock Origin that can remove pop-ups.
16. Remove unknown Browser Extensions that you did not add. (Samsung Internet) this is the default browser on Samsung devices.
Samsung Internet:
Menu → Add-ons → Extensions
Remove anything unfamiliar.
Phase 6 — Privacy Permissions (3 minutes)
17. Review App Permissions
Go to:
Settings → Privacy → Permission Manager
Check:
- Microphone
- Camera
- Location
- Files & media
- Notifications
- Accessibility
- Screen capture / screen recording
Remove permissions from apps you don’t trust.
18. Check Accessibility Services
This is a MAJOR scam vector.
Go to:
Settings → Accessibility → Installed services
Red flags:
- “Enhanced Service”
- “Smart Control”
- “Security Service”
- Any unknown app with Accessibility ON
Turn off and uninstall suspicious apps.
19. Check Background Activity
Go to:
Settings → Battery → Battery usage
Look for:
- Unknown apps using heavy background activity
- Apps you don’t recognize
Phase 7 — Final Hardening (2 minutes)
20. Update Android
Go to:
Settings → System → System update
(Samsung: Settings>Software update)
Install updates.
21. Restart Device
A reboot can terminate lingering sessions or malicious processes.
22. Decide Whether You Need a Full Reset
A full reset is recommended if:
- Remote access was granted
- Unknown device admin apps existed
- Unknown VPNs installed
- Google account compromised
- Banking info exposed
- Device behaves strangely afterward
Path:
Settings → System → Reset options → Erase all data (factory reset)
If doing this after a scam:
- Set up as new initially
- Reinstall apps manually
- Avoid restoring unknown backups
Highest Danger Signs on Android
Immediate action required if you see:
- Unknown Device Admin apps
- Unknown Accessibility Services enabled
- Remote‑access apps installed
- Unknown VPN installed
- Verification codes arriving unexpectedly
- Google account shows unfamiliar devices
- Call forwarding enabled unexpectedly
- SMS (Messaging) access granted to unknown apps
- Someone asked for Google verification codes
- You typed passwords while someone watched
Usually NOT a Sign of Hacking
These are common false alarms:
- Chrome pop-up saying “Android infected”
- Calendar spam
- Battery drain
- Storage full
- Random ads on websites
- Overheating during updates
- One-time app crash
Useful URLs:
KeePassDX Passkey Vault (Password manager): https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free&hl=en_US
UBlock Origin (AdBlocker) extension for browsers: https://ublockorigin.com/
Free Online Browser AI apps:
https://gemini.google.com/app
https://copilot.microsoft.com/