Lesson 4.3

What To Do If You Clicked

8 minutes

Don’t Panic — Act Quickly

Everyone makes mistakes. Security experts fall for scams. The difference is knowing what to do next.

The most important thing: How quickly you respond matters more than the fact that you clicked. Fast action can often limit or prevent damage.


If You Just Clicked a Link

Risk level: Low to Medium

Immediate actions:

  1. Close the browser tab immediately
    • Don’t enter any information
    • Don’t download anything
  2. Check for downloads
    • Open your Downloads folder
    • Delete any files that appeared around that time
    • Don’t open any suspicious downloads
  3. Run a security scan
    • Use your antivirus/malware scanner
    • Run a full system scan
    • Consider Malwarebytes for additional scanning
  4. Monitor your accounts
    • Watch for unusual activity over the next few days
    • Check login history on important accounts
  5. Report it (at work)
    • Tell your IT/security team
    • They can check for any network compromise

If You Entered Your Password

Risk level: High

Immediate actions:

  1. Change that password NOW
    • Go directly to the real website (type the URL yourself)
    • Change the password immediately
    • Don’t use the link from the phishing email
  2. Change it everywhere you used the same password
    • If you reused this password on other sites, change it there too
    • (This is why you should use unique passwords!)
  3. Enable two-factor authentication (2FA)
    • This adds a second layer of protection
    • Even if they have your password, they can’t get in without the second factor
  4. Check for unauthorized activity
    • Look at recent login history
    • Review any changes to settings
    • Check for forwarding rules or connected apps
  5. For work accounts: Report to IT immediately
    • They may need to take additional steps
    • They can check if the attacker gained access

If You Entered Financial Information

Risk level: Very High

Immediate actions:

  1. Contact your bank/card company immediately
    • Call the number on your card
    • Report the potential compromise
    • They may freeze or replace your card
  2. Monitor your accounts closely
    • Check for unauthorized transactions
    • Set up transaction alerts if available
  3. Consider a fraud alert or credit freeze
    • Contact the credit bureaus (Equifax, Experian, TransUnion)
    • A fraud alert makes it harder for thieves to open accounts
    • A credit freeze blocks new accounts entirely
  4. Document everything
    • Save the phishing message
    • Note the date and time
    • Record what information you provided

If You Sent Money

Risk level: Critical

Immediate actions:

  1. Contact your bank or payment service immediately
    • Call their fraud line (number on your card or their website)
    • Ask to stop or reverse the transaction
    • Wire transfers and cryptocurrency are often irreversible, but try anyway
  2. If you sent gift cards:
    • Contact the gift card company (Amazon, Google, Apple, etc.)
    • Provide the card numbers
    • They may be able to freeze remaining funds
  3. Report the fraud:
    • FTC: reportfraud.ftc.gov
    • FBI IC3: ic3.gov (for significant losses)
    • Local police: for significant amounts
  4. Don’t send more
    • Scammers often call back claiming “there was a problem” and asking for more
    • Never send additional money

Reality check: If you sent money via wire transfer, cryptocurrency, or gift cards, recovery is often not possible. This is exactly why scammers demand these payment methods — they're hard to reverse. Report it anyway, as it helps law enforcement track these operations.


If You Gave Personal Information (SSN, DOB, etc.)

Risk level: High (long-term)

Immediate actions:

  1. Freeze your credit at all three bureaus:
    • Equifax: equifax.com/personal/credit-report-services
    • Experian: experian.com/freeze
    • TransUnion: transunion.com/credit-freeze
    • This is free and prevents new accounts from being opened
  2. Set up fraud alerts
    • You only need to contact one bureau — they share the alert
    • Requires creditors to verify your identity before opening accounts
  3. Monitor your credit reports
    • Get free reports at annualcreditreport.com
    • Look for unfamiliar accounts or inquiries
  4. Consider identity theft protection
    • Services like IdentityGuard, LifeLock, or your bank’s offering
    • They monitor for misuse of your information
  5. File an identity theft report if needed:
    • identitytheft.gov
    • This creates an official record and recovery plan

Reporting Is Important

Even if you’re embarrassed, please report phishing attacks. Here’s why:

  • It helps protect others from the same attack
  • IT/security teams need to know about threats targeting their organization
  • Law enforcement uses reports to track and prosecute scammers
  • Companies can take down phishing sites faster with reports

Where to Report

Type | Where to Report
Phishing emails | Forward to [email protected] (if at work) or [email protected]
IRS scams | treasury.gov/tigta
FTC / General fraud | reportfraud.ftc.gov
Significant financial loss | ic3.gov (FBI)
Identity theft | identitytheft.gov

Learn From It

After the immediate response:

  1. Don’t beat yourself up — this happens to everyone
  2. Identify what triggered you — which PUSHED tactics worked?
  3. Plan your response for next time — what would you do differently?
  4. Share the experience — warning others helps protect them

Remember: The goal isn't perfection — it's building habits that make you harder to fool, and knowing exactly what to do if something goes wrong.


Quick Reference Card

Just clicked a link: Close browser, check downloads, run antivirus scan

Entered credentials: Change password immediately, enable 2FA, check for unauthorized access

Gave financial info: Call bank immediately, monitor accounts, consider credit freeze

Sent money: Contact bank to attempt reversal, report to FTC/FBI, don’t send more

Gave personal info: Freeze credit at all three bureaus, set up fraud alerts, monitor reports

At work: Report to IT/Security immediately regardless of what happened


Key Takeaways

  1. Fast action matters more than the fact that you clicked
  2. Know the specific steps for each type of compromise
  3. Change passwords by going directly to the real site
  4. Contact financial institutions immediately for financial compromise
  5. Freeze your credit if personal information was exposed
  6. Report the attack to help protect others
  7. Learn from it without shame — everyone makes mistakes