As the title implies I made the mistake of overreacting to a phishing email -- the sender address looked legitimate (service@paypal.com) -- regarding I owed $$$ for a Coinbase transaction. Rather than doing my due diligence and research first, I called the number in the email after verifying my crypto accounts (knowing I have not made any purchases recently, and do not use paypal, but I have been off my game all week and didn't consider looking more into it before calling). 'Customer service' said I was hacked and asked I install Quick Connect/Teamviewer on my Android phone to verify. They had me search 'whatismyip' and somehow altered the results (masking/overlaying my real one) to convince me there was an issue. Then they made me go through my Privacy and Security settings and Password Manager/scan as a way to 'verify' my settings... Then the had someone else talk to me-- he wanted me to transfer my crypto assets. That's when I finally hung up, and uninstalled Teamviewer right away. It's so obvious now but at the time my anxiety just went through the roof when I read the email.
So my question is -- is there anything I need to do to make sure the information on my phone is safe? I'm unfamiliar with Teamviewer and did not save the audit logs before uninstalling the app. Out of paranoia that the scammers have the sessions recorded (again, I'm unfamiliar with the Teamviewer's capabilities on Android) I tried retracing my steps and changed all the passwords that were in my Google Password Manager, as well as enable MFA for most of my apps/accounts. I forwarded the email to Paypal's support team. It just occurred to me that I should have forwarded the logs to the Teamviewer support team, but as I said, I already uninstalled the app... Unless some residual files remain in the directory after uninstalling the app (is there a possibility to locate that?) I also ran some malware scans, bit found nothing. If anyone has any recommendations, please let me know.
Sorry for the long story.
