What to Do If You've Been Phished

Immediate actions to minimize damage and secure your accounts

Time is Critical!

The faster you act, the less damage attackers can do. Follow these steps in order.

⚠️ If you're on a work device or this involves work accounts, contact your IT department IMMEDIATELY.

Immediate Actions (First 30 Minutes)

1. Disconnect from the Internet

Immediate

  • Turn off Wi-Fi or unplug the Ethernet cable
  • Prevents malware from spreading or communicating
  • Stops attackers from accessing your system remotely

2. Document Everything

First 5 minutes

  • Take screenshots of the phishing email
  • Note the time you clicked/responded
  • Save any URLs or phone numbers you interacted with
  • Write down what information you provided

3. Change Passwords IMMEDIATELY

First 15 minutes

  • Change password for the compromised account (from a DIFFERENT device)
  • Change passwords for ANY account using the same password
  • Use strong, unique passwords for each account
  • Enable two-factor authentication (2FA) on all accounts

4. Check Financial Accounts

First 30 minutes

  • Review all bank and credit card transactions
  • Look for unauthorized charges or withdrawals
  • Contact your bank/credit card company immediately if you see suspicious activity
  • Consider freezing your credit if personal information was exposed

Follow-up Actions (First 24-48 Hours)

Contact Your IT Department

If this happened on a work device or involves work accounts

  • Inform your IT security team immediately
  • They can isolate your device from the network
  • They may need to scan for malware
  • Follow their incident response procedures

Run Anti-Malware Scans

If you downloaded anything or clicked a link

  • Use updated antivirus/anti-malware software
  • Run a full system scan (not quick scan)
  • Consider using multiple scanning tools
  • Boot into Safe Mode for thorough scanning

Enable Account Alerts

Set up monitoring for future suspicious activity

  • Enable login alerts for all important accounts
  • Set up transaction notifications for financial accounts
  • Review account activity regularly
  • Consider identity theft monitoring services

Report the Attack

Help authorities track and stop the attackers

  • Forward the phishing email to the FTC at spam@uce.gov
  • Report to the Anti-Phishing Working Group at reportphishing@apwg.org
  • File a complaint with the FBI IC3: ic3.gov
  • Report to the impersonated company (e.g., reportphishing@paypal.com)

Scenario-Specific Actions

Additional steps based on what happened:

I Clicked a Link

  • Clear your browser cache and cookies
  • Run anti-malware scans
  • Change passwords from a different device
  • Monitor accounts for unusual activity
  • Check browser extensions for new/suspicious additions

I Downloaded an Attachment

  • Disconnect from the internet IMMEDIATELY
  • DO NOT open the file if you haven't already
  • Run a full anti-malware scan in Safe Mode
  • Contact IT if this is a work device
  • Consider professional malware removal
  • Change all passwords from a clean device

I Entered My Password

  • Change password IMMEDIATELY on all accounts using that password
  • Enable 2FA on all affected accounts
  • Check account activity logs for unauthorized access
  • Review and revoke any suspicious connected apps/sessions
  • Set up login alerts

I Gave Credit Card Information

  • Call your credit card company/bank IMMEDIATELY
  • Request a new card with a different number
  • Dispute any fraudulent charges
  • Consider placing a fraud alert on your credit report
  • Monitor credit reports at annualcreditreport.com

I Gave Social Security Number

  • Place a fraud alert at one of the three credit bureaus (Equifax, Experian, TransUnion)
  • Consider a credit freeze at all three bureaus
  • File an identity theft report at IdentityTheft.gov
  • Monitor credit reports closely
  • Consider an identity theft protection service
  • File a police report if needed for identity theft claims

I Replied to a BEC/CEO Fraud Email

  • Contact your supervisor and finance department IMMEDIATELY
  • Stop any wire transfers or payments in progress
  • Contact your bank to reverse/block transactions
  • Inform law enforcement - BEC is a federal crime
  • Preserve all evidence (emails, communications)
  • Review company email security policies

Prevent Future Attacks

  • Always verify unexpected requests through a known, trusted channel (not email)
  • Hover over links before clicking to see the real destination
  • Use a password manager to create unique passwords
  • Enable two-factor authentication everywhere possible
  • Keep software and operating systems updated
  • Never provide passwords or sensitive info via email
  • Be skeptical of urgency - scammers use pressure tactics
  • When in doubt, forward suspicious emails to phish@check.craigpeterson.com

Important Resources & Contact Information

Credit Bureaus (Fraud Alerts):

  • Equifax: 1-888-766-0008
  • Experian: 1-888-397-3742
  • TransUnion: 1-800-680-7289

Reporting:

Free Credit Reports:

PhishCheck Analysis: