Recovery guide

What To Do If You Clicked a Phishing Link

Clicking a phishing link does not always mean your accounts are compromised — but act quickly to limit any damage.

Last reviewed: 1 June 2026

First 10 minutes

Close the tab or page immediately — do not enter usernames, passwords, or any personal data
If the page prompted you to download or install something, disconnect from the internet and do not run it
Note the URL you visited so you can report it
If you did enter login details, go to the real site immediately and change your password
Enable or confirm two-factor authentication on any account you may have entered details for

First 24 hours

Change passwords on any accounts where the same credentials are reused
Check account activity for logins you do not recognise
Run a security scan on your device if you downloaded or opened anything from the link
Report the phishing URL to your national reporting service (e.g. [email protected] in the UK, or [email protected])
Forward phishing emails to your email provider's abuse address

Contact your bank or payment provider

If you entered any card or banking details, contact your bank immediately
Ask them to monitor your account and replace any compromised cards
Check recent transactions for unauthorised activity

Evidence to preserve

Copy or screenshot the full URL of the phishing page
Save the original email, text, or message that contained the link
Note any prompts or forms that appeared on the page
Keep the email headers if the phishing arrived via email

Secure your accounts and devices

Change passwords for any service the phishing page impersonated
Enable app-based two-factor authentication on affected accounts
Check for unknown devices or active sessions in your account settings
If you installed anything, remove it and run a full security scan
Review email forwarding rules in case they were changed

Report it

Report phishing emails to your email provider and national reporting service
Report the URL to Google Safe Browsing (safebrowsing.google.com/safebrowsing/report_phish)
Report to the brand being impersonated so they can warn their customers
Keep any reference numbers you receive

Clicking a phishing link is more common than most people realise, and it does not automatically mean your accounts are taken over. The risk depends on what happened next: if you only opened the page but entered nothing and downloaded nothing, the risk is relatively low.

The danger is greatest if you entered credentials, filled out a form, or ran a download. In those cases, act quickly: change the relevant passwords, enable 2FA, and scan your device.

Phishing pages often closely mimic real services — banks, courier companies, government portals, and streaming platforms are common targets. The tell is usually the URL, which will differ from the real domain. Bookmark the real sites you use frequently so you are less reliant on links in messages.

Frequently asked questions

I only clicked the link but didn't enter anything — am I safe?

Probably yes. Simply loading a phishing page rarely causes harm on modern, updated browsers. The risk increases sharply if you entered credentials or downloaded and ran a file. Keep an eye on account activity to be sure.

I entered my email and password — what should I do?

Change that password on the real site immediately, then change it on any other service where you use the same credentials. Enable 2FA and check your account activity for unexpected logins.

How do I tell a phishing page from a real one?

Check the full URL in the address bar — phishing pages use domains that mimic but do not match the real site. Look for misspellings, extra words, or unusual domain endings. When in doubt, close the tab and navigate directly to the real site.

Should I report the phishing link?

Yes. Reporting to your national service, Google Safe Browsing, and the impersonated brand helps get the page taken down faster and protects others who might receive the same message.

Can my device get infected just from clicking a link?

It is uncommon on up-to-date browsers and operating systems, but possible through known vulnerabilities. Keep your browser, OS, and security software updated to reduce this risk.

Sources

First 10 minutes

Close the tab or page immediately — do not enter usernames, passwords, or any personal data

If the page prompted you to download or install something, disconnect from the internet and do not run it

Note the URL you visited so you can report it

If you did enter login details, go to the real site immediately and change your password

Enable or confirm two-factor authentication on any account you may have entered details for

First 24 hours

Change passwords on any accounts where the same credentials are reused

Check account activity for logins you do not recognise

Run a security scan on your device if you downloaded or opened anything from the link

Report the phishing URL to your national reporting service (e.g. [email protected] in the UK, or [email protected])

Forward phishing emails to your email provider's abuse address

Secure your accounts and devices

Change passwords for any service the phishing page impersonated

Enable app-based two-factor authentication on affected accounts

Check for unknown devices or active sessions in your account settings

If you installed anything, remove it and run a full security scan

Review email forwarding rules in case they were changed

Frequently asked questions

I only clicked the link but didn't enter anything — am I safe?

I entered my email and password — what should I do?

Change that password on the real site immediately, then change it on any other service where you use the same credentials. Enable 2FA and check your account activity for unexpected logins.

How do I tell a phishing page from a real one?

Should I report the phishing link?

Yes. Reporting to your national service, Google Safe Browsing, and the impersonated brand helps get the page taken down faster and protects others who might receive the same message.

Can my device get infected just from clicking a link?

It is uncommon on up-to-date browsers and operating systems, but possible through known vulnerabilities. Keep your browser, OS, and security software updated to reduce this risk.