I Clicked a Link in a Scam Email — What Should I Do Now?
If you clicked a link in a suspicious email, entered your information, or downloaded an attachment, don't panic. There are specific steps you can take right now to limit the damage. Acting quickly makes a real difference.
Think this email is a scam?
Forward it to us and get a free risk assessment in under 60 seconds.
Act Quickly — Here's What to Do
Don't Panic — But Act Now
If you clicked a link in a scam email, the most important thing is to act quickly. The faster you respond, the less damage the scammers can do.
If you clicked a link in a suspicious email, you may have exposed yourself to credential theft, malware, or financial fraud. The severity depends on what happened after you clicked. Follow the steps below based on your situation.
If You Entered Login Credentials
What To Do
- Change the password for that account immediately — do this from a different device if possible
- Change the password for any other account that uses the same password
- Enable two-factor authentication (2FA) on the compromised account
- Check for unauthorized activity — purchases, messages sent, settings changed
- Contact the company (your bank, email provider, etc.) to alert them
If you entered your email password, check your email's sent folder and settings for unauthorized changes. Scammers often add forwarding rules to intercept your incoming emails.
If You Entered Financial Information
What To Do
- Call your bank or credit card company immediately to report the breach
- Request a freeze or new card number
- Monitor your statements closely for unauthorized transactions for the next 90 days
- Consider placing a fraud alert or credit freeze with the credit bureaus
- In the US: Equifax (1-888-766-0008), Experian (1-888-397-3742), TransUnion (1-800-680-7289)
If You Downloaded an Attachment
What To Do
- Disconnect your computer from the internet immediately (unplug ethernet or turn off Wi-Fi)
- Run a full antivirus scan — use Windows Defender (built in) or a trusted antivirus
- Do not use the computer for banking or email until the scan is complete
- If malware is found, consider having a professional clean your computer
- Change passwords for all accounts from a different, clean device
If You Only Clicked the Link But Didn't Enter Anything
If you clicked a link but closed the page immediately without entering any information or downloading anything, your risk is lower. However, some phishing sites can install tracking cookies or attempt drive-by downloads. Run an antivirus scan as a precaution and monitor your accounts for unusual activity.
Red Flags
- Your email starts sending messages you didn't write
- You receive password reset notifications you didn't request
- Unfamiliar charges appear on your bank or credit card statements
- Your computer runs slower than usual or shows unexpected pop-ups
- Friends or contacts tell you they received strange messages from your account
Report the Incident
Sources
- IdentityTheft.gov — Personalized recovery plans for identity theft victims
- FBI Internet Crime Complaint Center (IC3) — Internet crime reporting