You clicked a phishing link? Here's how to respond right now.
Stay calm and follow these steps. Most incidents can be contained if you act quickly – every minute counts.
1. Right now: don't go any further
Close the suspicious page or email without entering any more data. If you've already filled out a form but haven't submitted it yet, just close the window.
2. Change your password immediately
Did you enter login credentials? Change the password for the affected service right away – and everywhere else you still use the same password. Enable two-factor authentication (2FA) if possible.
3. Tell IT or your manager
Report the incident immediately – even if it feels uncomfortable. No one will hold it against you: reporting quickly is the single most important step in limiting damage to the whole company.
4. Contact your bank if payment details were involved
Did you enter credit card or bank details? Have the card blocked, notify your bank, and check recent account activity for unfamiliar transactions.
5. Have your device checked if you downloaded something
Did you open or download a file? Disconnect the device from the network (Wi-Fi/cable), stop using it, and have IT scan it for malware.
6. Document the incident
Take a screenshot of the message or page and note the time and circumstances. This helps IT with analysis and matters if a report needs to be filed.
7. Warn your colleagues
Might the same message have gone to others in the company too? Let your colleagues know so they can stay alert as well.
This guide doesn't replace individual IT security advice, but it helps you react correctly in the first few minutes after an incident.