Treat anything you entered as compromised

    Quishing kits behave exactly like phishing kits — they forward credentials to the attacker in seconds. The recovery is the same: assume they have it, change it, kill the sessions.

    Check the scanning device too

      • iOS: Settings → General → VPN & Device Management for unknown profiles
      • Android: Settings → Apps for newly installed apps with broad permissions
      • Run a scan with Bitdefender, Malwarebytes or Sophos Mobile

    More from Communications Security

    No image

    Confirm the inbox is actively compromised

    Pin down which account, who's been emailed, and which sessions are unfamiliar.
    No image

    Make the next phishing email harmless

    Use a password manager, hardware key and email aliases so a single phish can't cascade.
    No image

    Use specialised victim resources

    Sextortion has dedicated services — they're free, confidential and fast.