Lock anything you mentioned and warn your bank

    There's a clear pattern: identify which account was exposed by the conversation, then act on that account first. Don't rely on 'they didn't sound that smart' — assume professional fraud.

    If they asked you to install something

    Apps installed via SMS links almost always include remote-access or banking-trojan capability. Don't open the banking app on that device until it's been wiped or scanned by a trusted security tool.

    More from Communications Security

    No image

    Confirm the inbox is actively compromised

    Pin down which account, who's been emailed, and which sessions are unfamiliar.
    No image

    Make the next phishing email harmless

    Use a password manager, hardware key and email aliases so a single phish can't cascade.
    No image

    Use specialised victim resources

    Sextortion has dedicated services — they're free, confidential and fast.