What should I do first after clicking a suspicious link?

Stop interacting with the page, do not enter more information, and open the official app or website yourself. If money or account access is involved, contact the provider quickly.

What if I entered my card or payment details?

Contact your bank or card provider using the official app or saved number. Ask about blocking the card, monitoring charges, chargebacks, or disputes.

Should I be embarrassed if I clicked?

No. These scams are designed to make people hurry. The useful move is to slow down, stop the next action, and move back to official channels.

Already clicked?

Stop the next action first.

Choose the closest situation. The goal is not to panic — it is to stop further damage and move back to official channels.

You didn’t do anything wrong. This is designed to make you hurry.

I entered payment details I entered a password I entered nothing

Recovery paths

Start with what you did, not with the scam name.

Use the option that matches what happened. Each path gives one calm first step before you read anything longer.

Fake link Clicked, but entered nothing

Close it, stop interacting, then check the real app or site yourself.

Money/card Entered payment details

Contact your bank or card provider through the official app or saved number.

Change it from the official site, turn on 2FA, and sign out other sessions.

Support call Called a fake number

Hang up, block remote access, and secure accounts from a safe device.

Download Downloaded a file

Do not open it. Delete it or ask trusted support to inspect the device.

Family Helping someone else

Call calmly, avoid blame, and build a timeline of what happened.

Do this first

Next 5 minutes

If you feel rushed, threatened, or embarrassed, that is exactly the moment to slow down.

Stop interacting with the message, popup, caller, or payment request.
Do not enter more information, approve more prompts, or send more money.
Open the official app, website, or saved contact method yourself.
If money or account access is involved, contact the provider quickly.

Pick what happened

Use the closest case, not the perfect label.

Scams work by making you rush. These steps are deliberately plain: first stop, then secure, then keep evidence.

I clicked but entered nothing

Do this first

Close the tab or message.
Do not click a second button, download anything, or call a number from the page.
Open the real app or website yourself if you still need to check the issue.

What to avoid

Do not go back to “just check one more thing”.
Do not allow browser notifications or install profiles/extensions.

When to contact bank/provider/authorities

Usually you do not need to contact a bank or provider if nothing was entered or downloaded. Contact them if the page involved money, account warnings, or identity documents.

What evidence to keep

Screenshot the message or page if safe.
Keep the sender, date, and link text without reposting personal details.

I entered a password

Do this first

Change that password from the official app or website.
Use a different safe device if you think this one may be compromised.
Turn on two-factor authentication if available.
Sign out of other sessions if the account offers it.

What to avoid

Do not change the password through the suspicious link.
Do not share one-time codes with anyone who contacts you afterwards.

When to contact bank/provider/authorities

Contact the account provider if you cannot sign in, see unknown activity, or recovery details were changed.

What evidence to keep

Save the original message or page screenshot.
Note the approximate time you entered the password.

I entered card or payment details

Do this first

Contact your bank or card provider using the official app or saved number.
Ask about blocking the card, monitoring charges, chargebacks, or disputes.
Check for small test charges and unfamiliar subscriptions.

What to avoid

Do not call a phone number shown on the suspicious page.
Do not pay a second fee to “reverse” or “unlock” anything.

When to contact bank/provider/authorities

Contact your bank/card provider quickly. If identity documents were also shared, ask what extra monitoring or reporting steps are recommended.

What evidence to keep

Keep screenshots, transaction references, merchant text, and timestamps.
Do not edit the screenshots except to hide personal details when sharing with helpers.

I downloaded a file

Do this first

Do not open the file.
Disconnect from the page and close the browser tab.
Delete the file or ask a trusted support person to inspect the device.
Run your normal device protection scan if you have one.

What to avoid

Do not grant installer permissions.
Do not enter admin passwords because a downloaded file asks for them.

When to contact bank/provider/authorities

Contact your workplace IT, device support, or account provider if the file was opened or asked for permissions.

What evidence to keep

Keep the file name, download time, and source page screenshot if safe.
Do not forward the file to family or friends.

I called a fake support number

Do this first

Hang up.
Do not install remote-access tools.
If remote access was granted, disconnect internet and ask trusted support to inspect the device.
Change exposed passwords from a safe device.

What to avoid

Do not read out one-time codes.
Do not buy gift cards or send payment because the caller says your account is at risk.

When to contact bank/provider/authorities

Contact your bank/card provider if payment details, codes, remote access, or money were involved. Contact the real account provider through the official website/app.

What evidence to keep

Save the phone number, call time, screenshots, and payment receipts if any.
Write down what information you shared.

I sent money

Do this first

Contact your bank or payment provider immediately.
Ask whether the transfer can be stopped, recalled, disputed, or monitored.
Stop all contact with the person asking for more money.

What to avoid

Do not pay a recovery fee.
Do not trust someone who says they can get the money back for a new payment.

When to contact bank/provider/authorities

Contact your bank/payment provider now. Depending on the amount and location, consider local authorities or a consumer protection service.

What evidence to keep

Keep receipts, wallet addresses, transfer references, screenshots, chat logs, and dates.
Keep the account names and payment route used.

I approved a login prompt

Do this first

Reject any further prompts.
Change the account password from the official app or website.
Sign out of other sessions.
Review recent login activity and recovery details.

What to avoid

Do not approve another prompt to “fix” the first one.
Do not tell anyone the code shown on screen.

When to contact bank/provider/authorities

Contact the account provider if you see unknown sessions, cannot sign in, or recovery settings changed.

What evidence to keep

Screenshot account activity if available.
Note the time and device/location shown in the prompt.

A family member clicked

Do this first

Call them calmly using a saved number.
Tell them to stop interacting with the message or caller.
Ask what they clicked, entered, downloaded, approved, or paid.
Help them follow the closest section on this page.

What to avoid

Do not blame them. Shame makes people hide details.
Do not use phone numbers or links from the suspicious message.

When to contact bank/provider/authorities

Contact banks, account providers, workplace IT, or authorities based on what was shared or paid.

What evidence to keep

Help them keep screenshots, call logs, receipts, and account activity.
Write down a timeline while it is fresh.

Printable backup

Want a calmer checklist?

Open the free checklist before helping someone else or before checking a second suspicious message.

Open the free checklist Fake delivery guide Fake login guide Browse red flags