PhishingRadar

You clicked a phishing link? Here's how to respond right now.

Stay calm and follow these steps. Most incidents can be contained if you act quickly – every minute counts.

1. Right now: don't go any further

Close the suspicious page or email without entering any more data. If you've already filled out a form but haven't submitted it yet, just close the window.

2. Change your password immediately

Did you enter login credentials? Change the password for the affected service right away – and everywhere else you still use the same password. Enable two-factor authentication (2FA) if possible.

3. Tell IT or your manager

Report the incident immediately – even if it feels uncomfortable. No one will hold it against you: reporting quickly is the single most important step in limiting damage to the whole company.

4. Contact your bank if payment details were involved

Did you enter credit card or bank details? Have the card blocked, notify your bank, and check recent account activity for unfamiliar transactions.

5. Have your device checked if you downloaded something

Did you open or download a file? Disconnect the device from the network (Wi-Fi/cable), stop using it, and have IT scan it for malware.

6. Document the incident

Take a screenshot of the message or page and note the time and circumstances. This helps IT with analysis and matters if a report needs to be filed.

7. Warn your colleagues

Might the same message have gone to others in the company too? Let your colleagues know so they can stay alert as well.

This guide doesn't replace individual IT security advice, but it helps you react correctly in the first few minutes after an incident.