What to Do If You Fall for a Phishing Email
Last updated: 3 August 2025
Step 1: Disconnect and Secure Your Device
If you downloaded a file or clicked a suspicious link, disconnect your device from the internet to prevent malware from spreading or communicating externally. Run a full antivirus or anti-malware scan to check for threats.
Step 2: Change Your Passwords Immediately
If you entered login details into a fake site, change your password for that account immediately. Also update any other accounts where you’ve used the same or similar password — and enable two-factor authentication where possible.
Step 3: Contact Your Bank (If Relevant)
If you shared bank details or made a payment, contact your bank right away. They may be able to cancel the transaction, block your card, or monitor for suspicious activity. The sooner you act, the better your chances of recovery.
Step 4: Report the Phishing Attempt
In the UK, forward the phishing email to report@phishing.gov.uk. You can also report it to Action Fraud (the UK’s national reporting centre for fraud and cybercrime) at actionfraud.police.uk.
Step 5: Monitor Your Accounts for Unusual Activity
Keep a close eye on your email, social media, and bank accounts for suspicious logins, password reset attempts, or unknown transactions. Consider signing up for credit monitoring if personal information was exposed.
How to Avoid Future Phishing Scams
- Always check the sender’s email address and link URLs
- Be wary of urgent messages demanding action
- Don’t download attachments or click links unless you’re sure they’re safe
- Use a spam filter and keep your devices updated