HELP! I clicked on a phishing email

I stupidly clicked on a link in a phishing email last week which I thought was from my bank and entered my mobile number and debit card number. I was very tired and stressed from work and just let down my guard… Fortunately, my bank told me it detected a virus on my mobile and blocked online access and my debit card.

I didn’t have a Mobile Security app on my mobile at the time (I do now, and it hasn’t found anything untoward) but I had recently downloaded the GlassWire for Android app. I can’t remember exactly what time I clicked on the phishing link but having checked my Glasswire Alerts, I think there was a sequence of eight “First Network Activity” events over 3 minutes linked to my clicking on the phishing email. I assume the blue icon with horns and eyes indicates malware.

I can only upload one screenshot, so the events are:
Legal Term
Bokeh Editor

Can anyone please interpret these events for me and tell me what they think has happened, as I’m no android expert and googling hasn’t helped me much? What did “com.qualcomm.qti.remoteSimlockAuth” do? I gave the phishers my mobile number, so can they clone my phone or something?

Did “Quickstep” copy all my photos in my Gallery app and send them to the phishers? I have some photos of documents showing sensitive financial and personal details, so I am very worried :worried:

Am I right to tell GlassWire to deny network access to everything that has the horned blue icon next to it? Shutting stable door after the horse has bolted, I guess…

Thanks for reading.

I’m sorry to hear that happened to you @sillyme. It’s easy for even the best of us to let our guard down and tap a phishing email, or something similar.

I am not familiar with qualcom apps, but I did find this older article. How old is your phone?

The icons you are seeing are not devils, but those are the default Android OS app icons. The Qualcom apps seemed to be using the default icons for the Android OS instead of a custom icon like we use.

If it was me I’d recommend resetting your phone to its defaults, then run all Android OS updates. Then re-enable GlassWire once your device is updated. You just need to sign on to your phone with the same account you used previously with Google Play and you can continue to use your subscription with GlassWire.

Meanwhile you should change all your logon/passwords with your important banking and email accounts that are related to those banking services. I hope this helps!

1 Like

Thanks, @Ken_GlassWire. Fortunately, my phone is only 2 years old and is running Android 10. As you say, changing passwords, etc is a must.

I just wish I could understand what exactly happened when I clicked on the phishing email. My main concern now is that my photos might have been stolen - they show home addresses, birth certificates and other personal details of myself and members of my family, which would be a treasure trove for ID and financial theft. I’m old enough to remember a time when phones were phones and cameras were cameras, and I didn’t have to worry about such things…

1 Like