Help! I Opened A Phishing Email Or Text
Phishing scams generally fall into one of two types - links to fake websites that try to steal your personal details, or malicious attachments that contain viruses and other malware.
All of us can easily get caught out by fake emails or text messages from time to time. Below we have detailed advice for what to do next if you've opened a phishing email or clicked on a suspicious link.
For help on identifying whether the email or text that you're concerned about was fake then see our guide here on how to spot phishing emails. If in doubt, always follow the tips below.
Jump straight to topic:
If you opened an attachment in a phishing email...
An unexpected attachment - likely to be loaded with viruses!
A common type of phishing email are ones with malicious attachments that are infected with viruses and other malware.
These might be disguised as an invoice, a delivery note, or something else that is designed to encourage you to open it.
The file may even have been crafted to look legitimate when you open them so as to minimise suspicion - just because they open normally & look like the document they're claiming to be doesn't mean that they're not fake.
There's several indicators you could look for to confirm your suspicions of it being infected (for example if a message appeared as you opened it asking you to "Enable Macros"), but to be safe it's best to just always assume the worst - and follow the steps below.
Check your computer for viruses
The most important step to take if you ever open one of these attachments is to check your device for viruses - follow our guide to removing computer viruses. Make sure you follow the Recovery steps in Section 3 on that page too, including checking that your all your software is up to date.
Our guide has full details of what do, however as a quick link the following antivirus manufacturers make free software available that will perform a one-off virus scan of your computer:
For Windows PCs:
- Trend Micro
- Sophos
- ESET
- Kaspersky (look for the 'Kaspersky Virus Removal Tool')
For Mac computers:
It's also always a good idea to re-run the virus scan after a couple of days as well - if the virus is new then it can take a couple of days for antivirus programs to catch up.
Delete the email and attachment
Keeping the email won't do any harm to your computer if you never touch it again, but to be really safe you should delete it (and any copies of the attachment if you saved them). This will help prevent any accidental opening of the attachment in the future, for example by a family member who stumbles across it.
If you clicked on a phishing link...
A typical phishing website (this one originated as a text message that displayed as being from "My Bank")
The aim of many phishing messages - whether in an email or a text message - is to trick you into visiting a fake website where they can capture your passwords or bank details.
Often these sites - just like the email or text message you clicked on - will impersonate a well known brand such as a bank, the government, or a shopping website, and will probably take you directly to a login page or other page that asks for lots of personal details.
Some fake sites will settle for asking for your username and password (as if it were a normal logon page), but others may be greedier and ask for your bank or credit card details, answers to any security questions you have set up, your PIN, and other sensitive information too. Some sites may even subsequently send you onto the real website of the company they're impersonating - even logging you in for real - so that you're less likely to be suspicious.
It's important to know that the criminals behind these are experienced at creating convincing scam emails and fake websites. Don't feel shame at having been tricked - millions of other people have been too! Follow the guidance below to recover from this, and then read through our guide to learn how to spot phishing scams in the future.
Firstly, run a virus scan
Some of these fake websites are deliberately infected with viruses to try to capture your details from other websites too. If you clicked a link from your computer (don't worry about this step if you clicked the link from a phone) then make sure you run a virus scan first.
Our guide has full details of what do, however as a quick link the following antivirus manufacturers make free software available that will perform a one-off virus scan of your computer:
For Windows PCs:
- Trend Micro
- Sophos
- ESET
- Kaspersky (look for the 'Kaspersky Virus Removal Tool')
For Mac computers:
It's also always a good idea to re-run the virus scan after a couple of days as well - if the virus is new then it can take a couple of days for antivirus programs to catch up.
Did you enter any personal details?
These spoof websites try to trick you into handing over your personal details. They may claim you need to enter your username, password, and bank details in order to prove your identity, but what you're really doing is giving the criminals the keys to your account.
If you've been affected in this way you need to take action as soon as you can to limit any damage that the criminals can do:
1. Inform your bank and credit card provider
If you entered any bank or credit card details then inform your bank straight away. They should be able to put a stop on any future withdrawals or transactions and advise what to do next.
If you entered your login details for a website that you know has your credit card details already stored (such as a shopping website), then - even if you didn't type your card details into the fake website again - you should also report it to your card provider. Whilst attackers should never be able to obtain your card details just by logging into your account with the username and password you gave them, it can sometimes still be a case of better safe than sorry.
2. Change your password
Visit the genuine website of the one that the fraudsters copied by typing the address into the browser directly - don't click on any link in the email. If you find that you've already been locked out of your account then follow our guide here for regaining access.
Change your answers to any password reset questions if the website uses these, as the hacker may have noted them down to be able to regain access later on.
3. Correct any changes to your personal details
Sometimes hackers leave themselves a way to get back into your account by changing your details. Whilst logged into the genuine website then double check everything - your postal address, email addresses, phone numbers, and anything else - to make sure everything is correct & as it should be.
4. Check for and cancel any orders not from you
For shopping websites take a look at your account history to see if any fraudulent orders have been placed, and if so let the website know. You should still report it even if it's too late to stop the order; the website can investigate and may even sometimes give you a refund.
5. Delete any unrecognized devices
Some websites, such as Facebook or Google, know which devices you've previously logged in from to help verify your identity. If the affected website offers this feature then review the devices it knows of (they'll be listed somewhere in your account settings) & delete any you don't recognise.
6. Remove any stored credit cards
It's also sensible to delete any credit cards that you've got stored on your account. Whilst no website should ever display the full card number, it may display the last 4 digits. These are sometimes used as a security question by customer service departments to identify users; delete any cards so that the hacker can't use these to "identify" themselves.
7. Inform your friends & contacts
If your account is an email or social media account then it can be helpful to let your friends know you've been hacked in case the hackers have used it send out spam. If it's too late & some of your friends have already clicked on something in one of these emails, or opened an attachment, then direct them to this website for help.