What to Do If You Click on a Phishing Link

You’re going through your emails, and before you know it, you’ve clicked on a link that seemed legitimate. A second later, you realize something is off: maybe the website looks strange, or you remember hearing about recent cyberattacks. Panic sets in. Did you just expose your personal information? Is your device compromised?

First, take a deep breath. Clicking a link in a phishing email doesn’t necessarily mean your accounts are hacked or sensitive information has been stolen. But it’s time to act fast. Phishing attacks rely on urgency and deception, tricking users into giving up login credentials, financial details, or access to bank accounts and business systems.

The Global Anti-Scam Alliance reported that $1.03 trillion was stolen globally by scammers in 2024. We’ve put together this guide on how to handle a phishing email so you don’t become a statistic in 2025.

 

Step 1: Disconnect From the Internet

If you just clicked a phishing link, the first thing you should do is disconnect your device from the internet. This can prevent malicious software from downloading or stop the phishing site from communicating with attackers.

How to Disconnect Quickly:
  • Wi-Fi Connection: Turn off Wi-Fi in your system settings or enable Airplane Mode.
  • Wired Connection: Unplug your Ethernet cable immediately.
  • Mobile Data: Disable cellular data if you’re on a phone or tablet.

If you’re on a company or school network, notify IT right away – they may need to take additional security measures.

Once offline, avoid restarting your device just yet. Some malicious links attempt to install malware that persists even after a reboot.

Step 2: Do Not Enter Any Information

Many phishing attempts lead to fake login pages designed to steal personal information like usernames, passwords, or payment details. If you click on a link and see a login form, do not enter anything.

If you already entered your credentials, change your password immediately using a different, secure device.

Signs You’re on a Phishing Site:
  • Strange URL: The web address might look similar to a real site but have slight misspellings or extra characters.
  • Urgent Language: Warnings like “Your account will be locked!” or “Unusual activity detected” pressure you into acting fast.
  • Unusual Design: Logos, fonts, or layouts that seem off or low quality.
  • Request for Extra Info: A real site won’t ask for your email address, security questions, or full banking details just to log in.
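The "Strange URL" sign can be checked mechanically. The sketch below is an added example, not part of the original guide: it compares a link's real host name against a short list of trusted sites and flags slight misspellings, extra characters around a brand name, and decoy text before an "@". The `TRUSTED` list and the sample addresses are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites you actually use; edit this list for yourself.
TRUSTED = ("paypal.com", "amazon.com", "microsoft.com")

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return (verdict, reason); verdict is 'trusted', 'suspicious' or 'unknown'."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ("suspicious", "address cannot be parsed")
    if not host:
        return ("suspicious", "no host name in the address")
    if parts.username is not None:
        return ("suspicious", f"text before '@' is a decoy; the real host is {host}")
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("suspicious", "encoded (punycode) name can imitate familiar letters")
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return ("trusted", f"host belongs to {good}")
    labels = host.split(".")
    for good in TRUSTED:
        brand = good.split(".")[0]
        if any(brand in label for label in labels):  # extra characters around the brand
            return ("suspicious", f"mentions '{brand}' but is not {good}")
        if 0 < edit_distance(".".join(labels[-2:]), good) <= 2:  # slight misspelling
            return ("suspicious", f"looks like {good}")
    return ("unknown", "not on the trusted list")

# Constructed sample addresses (not taken from real campaigns).
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypa1.com/signin",
    "https://paypal.com.account-verify.example/signin",
    "https://paypal.com@203.0.113.5/signin",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", check_url(u))
```

An "unknown" verdict only means the site is not on your list; it is not a statement that the site is safe.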

If you suspect a phishing attempt, close the tab immediately. Do not click anything else on the page, including cancel or close buttons, as these could trigger downloads.

Step 3: Change Your Passwords Immediately

If you entered your credentials on a phishing link, act fast to secure your online accounts before attackers do. Start by changing the password for the affected account, then update passwords for any other accounts using the same login details – especially sensitive ones like bank accounts or work systems.

Best Practices for Secure Passwords:
  • Use a password manager to create and store unique, complex passwords.
  • Make passwords at least 12-16 characters long, mixing letters, numbers, and symbols.
  • Enable multi-factor authentication (MFA) for an extra layer of security.
  • Never reuse passwords across different sites; attackers often try stolen credentials on multiple accounts.

If you can’t log in because the attacker already changed your password, start the account recovery process immediately. Check the website’s official recovery options and follow their steps to regain access.

 

Step 4: Scan Your Devices for Malware

Clicking a phishing link can sometimes trigger automatic downloads of malicious files designed to steal your sensitive information. Running a full system scan helps detect and remove any threats before they cause damage.

What to Do:

Run a Full Scan Using Security Software

  • Use reputable antivirus software or anti-malware software to scan for threats.
  • If possible, perform the scan while still offline to prevent further damage.


Check for Suspicious Programs

  • Look for unknown applications installed recently.
  • On Windows: Open Task Manager > Check Startup Programs for anything suspicious.
  • On Mac: Open Activity Monitor > Review running processes.


Update Your Operating System and Software

  • Security patches help protect against known vulnerabilities.
  • Update your browser, operating system, and apps to the latest versions.


If your scan detects malware, follow the removal instructions provided by your anti-malware software. In severe cases, consider wiping and restoring your device from a clean backup.

Step 5: Monitor Your Accounts for Suspicious Activity

Once you’ve secured your device, keep a close watch on your online accounts, bank accounts, and social media for any unusual activity. Attackers may attempt to access your personal information or make unauthorized transactions.

Red Flags to Watch For:
  • Unexpected password reset emails or login attempts from unknown locations.
  • Unauthorized transactions or changes in your bank accounts.
  • Messages sent from your email address or social media accounts that you didn’t write.
  • New devices or apps linked to your accounts without your knowledge.

If you notice any suspicious activity:

  • Change your passwords again and log out of all sessions.
  • Enable account alerts for login attempts and transactions.
  • Report unauthorized access to your bank, IT department, or relevant service provider.

 

Step 6: Report the Phishing Attempt

Reporting a phishing attack helps you recover with extra support and prevents others from falling victim to the same scam. Whether the phishing attempt targeted you at work, on social media, or through your email address, taking the right steps can help stop further damage.

Who to Report to:
  • Your IT Department (For Work or School Accounts): They can investigate, block the phishing site, and check for broader security risks.
  • Your Managed Security Service Provider: These cybersecurity experts will rapidly scan all devices in your network to check for damage and mitigate any potential risks.
  • Your Email Provider: Gmail, Outlook, and other providers allow you to report phishing emails directly. Mark the email as “Phishing” instead of just deleting it.
  • Financial Institutions (For Banking Scams): If the phishing email tried to steal your bank account details, call your bank’s fraud department.
  • FTC or Anti-Phishing Organizations: In the U.S., report phishing scams to the FTC or the Anti-Phishing Working Group.

If you received a phishing message pretending to be from a company (like Amazon, PayPal, or Microsoft), check their official website for reporting options. Many have dedicated email addresses where you can forward the phishing email for investigation.

Step 7: Educate Yourself & Strengthen Security

Once you’ve handled the immediate threat, take steps to improve your defenses against future phishing attacks. Cybercriminals constantly refine their tactics, using social engineering to trick users into revealing sensitive information. Strengthening your security awareness means you will be far less likely to fall for a scam in the future.

How to Protect Yourself Moving Forward:
  • Learn how to spot phishing emails
    • Look for unusual sender addresses, poor grammar, and urgent language.
    • Hover over links before clicking to check the real destination.
    • Be skeptical of unexpected attachments or requests for personal information.

  • Enable Multi-Factor Authentication (MFA), so even if hackers steal your credentials, they will be prevented from accessing your online accounts without a secondary verification step.

  • Use a password manager to create and store strong passwords, so you don’t reuse weak ones across different sites.

  • Keep your software and operating system updated. These security patches prevent cybercriminals from exploiting vulnerabilities.

  • Be cautious on social media. Cybercriminals use social media to gather details about potential victims. Avoid oversharing personal or work-related information.

  • If your workplace offers phishing scam simulations, take them seriously—they train you to recognize real threats before it’s too late.

 

Next Steps: Educate Your Team and Prepare for Phishing Scams

Cybercriminals rely on social engineering and human error to succeed. Knowing what to do if you open a phishing email, or click a suspicious link, enables you to act fast and minimize the potential damage. The more you educate yourself and take proactive security measures, the harder it is for them to trick you.

The cybersecurity experts at CTS can help strengthen your defenses and educate your employees now to ensure you’re better prepared the next time a phishing attempt lands in your inbox. Reach out to us today and find out how we can help prepare your organization for these sly tactics.
