Help! I Just Clicked On A Phishing Email Or Text
Phishing messages generally fall into one of two types - links to spoofed websites that try to steal your personal details, or email attachments that contain malware.
For help on identifying whether the email or text you're concerned about was a phishing message or not see this page here. If in doubt, always follow the tips below.
Jump straight to topic:
If you opened an email attachment...
An unexpected attachment - likely to be loaded with viruses!
A common type of phishing email are ones with attachments infected with viruses.
These might be disguised as an invoice, a delivery note, or something else that is designed to encourage you to open it.
The file may even have been crafted to look legitimate when you open them so as to minimise suspicion - just because they open normally & look like the document they're claiming to be doesn't mean that they're innocent.
There's several indicators you could look for to confirm your suspicions of it being infected (for example if it asked you to "Enable Macros"), but to be safe it's best to just always assume the worst - and follow the steps below.
Check your PC for viruses
The most important step to take if you ever open one of these attachments is to check your PC for viruses - follow our guide to removing computer viruses. Make sure you follow the Recovery steps in Section 3 on that page too, including checking that your all your software is up to date.
It's also always a good idea to re-run the virus scan after a couple of days as well - if the virus is new then it can take a couple of days for antivirus programs to catch up.
Delete the email and attachment
Keeping the email won't do any harm to your computer if you never touch it again, but to be really safe you should delete it (and any copies of the attachment if you saved them). This will help prevent any accidental opening of the attachment in the future, for example by a family member who stumbles across it.
If you clicked a link...
A typical phishing website (this one actually originated as a text message from "my bank")
The aim of many phishing messages - whether in an email or a text message - is to trick you into visiting a fake website where they can capture your passwords or bank details.
Often these sites - just like the email or text message you clicked on - will impersonate a well known brand such as a bank, the government, or a shopping website, and will probably take you directly to a login page or other page that asks for lots of personal details.
Some fake sites will settle for asking for your username and password (like a normal logon page), but others may be greedier and ask for your bank or credit card details, answers to any security questions you have set up, your PIN, and other sensitive information too. Some sites may even then forward you onto the real website of the company they're impersonating - even logging you in for real - so that you're less likely to be suspicious and raise an alarm.
It's important to know that the criminals behind these are experienced at creating convincing emails and websites. Don't feel shame at having been tricked - millions of other people have been too! Follow the guidance below to recover from this, and then read through our phishing guide to learn how to spot these scams in the future.
Firstly, run a virus scan
Some of these fake websites are deliberately infected with viruses to try to capture your details from other websites too. If you clicked a link from your computer (don't worry about this step if you clicked the link from a phone) then make sure you run a virus scan first. Check too that your operating system and all software is up to date.
Did you enter any personal details?
These spoof websites try to trick you into handing over your personal details. They may claim you need to enter your username, password, and bank details, in order to prove your identity, but what you're really doing is giving the criminals the keys to your account.
If you've been affected in this way you need to take action as soon as you can to limit any damage that the criminals can do:
1. Inform your bank and credit card provider
If you entered any bank or credit card details then inform them straight away. They should be able to put a stop on any future withdrawals or transactions and advise what to do next.
If you entered your login details for a website that you know has your credit card details stored (such as a shopping website), then again report it to your card provider. Whilst attackers should never be able to obtain your card details just by logging into your account, it can sometimes still be a case of better safe than sorry.
2. Change your password
Visit the genuine website of the one that the fraudsters copied by typing the address into the browser directly - don't click on any link in the email. If you find that you've already been locked out of your account then follow our guide here.
Change your answers to any password reset questions if the website uses these, as the hacker may have noted them down to be able to regain access later on.
3. Correct any changes to your personal details
Sometimes hackers leave themselves a way to get back into your account by changing your details. Double check everything - your postal address, email addresses, phone numbers, and anything else - to make sure everything is correct & as it should be.
4. Check for and cancel any orders not from you
For shopping websites take a look at your account history to see if any fraudulent orders have been placed, and if so let the website know. You should still report it even if it's too late to stop the order; the website can investigate and may even sometimes give you a refund.
5. Delete any unrecognized devices
Some websites, such as Facebook or Google, know which devices you've previously logged in from to help verify your identity. If the affected website offers this feature then review the devices it knows of (they'll be listed somewhere in your account settings) & delete any you don't recognise.
6. Remove any stored credit cards
It's also sensible to delete any credit cards that you've got stored on your account. Whilst no website should ever display the full card number, it may display the last 4 digits. These are sometimes used as a security question by customer service departments to identify users; delete any cards so that the hacker can't use these to "identify" themselves.
7. Inform your friends & contacts
If your account is an email or social media account then it can be helpful to let your friends know you've been hacked in case the hackers have used it send out spam. If it's too late & some of your friends have already clicked on something in one of these emails, or opened an attachment, then direct them to this website for help.