What to Do If You Already Clicked the Link

You clicked the link. Maybe it was a text about a package delivery. Maybe it was an email that looked like it was from your bank. Maybe it was a popup that said your computer was infected. Whatever it was, you clicked it and now you are worried.

Take a breath. Do not panic. Clicking a link does not automatically mean you have been hacked or that your money is gone. What matters now is what you do in the next few minutes.

Here is your step-by-step damage control plan.

Step 1: Disconnect From the Internet

If you clicked the link on your computer, disconnect from WiFi immediately. On a laptop, turn off WiFi from the menu bar or system tray. On a desktop, unplug the ethernet cable. This stops any malware from communicating with the scammer's servers or downloading additional software.

If you clicked on your phone, turn on Airplane Mode. This cuts off all internet and cellular connections instantly. You can do this from your phone's control center or quick settings.

This step is most important if the link downloaded something or if you saw anything install on your device. If you just visited a webpage and closed it, disconnecting is still a good precaution but less urgent.

Step 2: Close the Browser Tab or App

Close the browser tab, window, or app where you opened the link. Do not interact with the page any further. Do not click any buttons on the page, even ones that say "cancel" or "close." Some scam pages are designed so that every button on the page does the same harmful thing.

If a popup will not close, force-close your browser:

• On a Mac: Press Command + Q to quit the browser entirely, or press Option + Command + Escape to force quit
• On Windows: Press Ctrl + Alt + Delete, open Task Manager, select your browser, and click End Task
• On iPhone: Swipe up from the bottom of the screen (or double-tap the Home button) and swipe the browser app up and off the screen
• On Android: Tap the square (recent apps) button and swipe the browser away

Step 3: Change Your Passwords Immediately

Using a different device if possible (a family member's phone or another computer), change the passwords for your most important accounts. Start with these, in this order:

1. Email: Your email is the master key to all your other accounts. If a scammer has your email password, they can reset passwords for your bank, social media, and everything else.
2. Bank and financial accounts: Change passwords for your bank, credit card, and any investment accounts.
3. The account the scam was imitating: If the scam pretended to be Amazon, change your Amazon password. If it pretended to be Netflix, change your Netflix password.

For each account, turn on two-factor authentication if it is not already enabled. This adds a second layer of protection so that even if someone has your password, they still cannot get in without your phone.

Step 4: Check Your Bank Accounts

Log into your bank account from a clean device and look for any transactions you do not recognize. Check both your checking and savings accounts. Look at pending transactions too, not just completed ones.

If you see anything suspicious, call your bank immediately using the phone number on the back of your card. Tell them you may have been exposed to a phishing attack and ask them to flag your account for monitoring.

If you entered your credit or debit card number on the scam page, call your bank and request a new card with a new number. The old card number should be deactivated immediately.

Step 5: Run Antivirus Software

Once you have changed your passwords and checked your bank accounts, reconnect to the internet and run a full antivirus scan on the device where you clicked the link.

On a computer: If you have antivirus software installed, run a full system scan (not a quick scan). If you do not have antivirus software, download Malwarebytes (free version) from malwarebytes.com and run a scan. Windows also has built-in protection called Windows Defender that you can use.

On an iPhone: iPhones are generally resistant to malware from web links due to Apple's security architecture. If you did not install any apps or profiles from the scam page, your phone is likely fine. Check Settings > General > VPN & Device Management to make sure no unknown profiles were installed.

On an Android: Run a scan with Google Play Protect (built into your phone). Go to Google Play Store > tap your profile picture > Play Protect > Scan. Also check your installed apps for anything you do not recognize.

Step 6: Monitor Your Credit

If you entered your Social Security number, date of birth, or other identifying information on the scam page, consider freezing your credit at all three bureaus. This prevents scammers from opening new accounts in your name.

• Equifax: 1-800-349-9960 or equifax.com
• Experian: 1-888-397-3742 or experian.com/freeze
• TransUnion: 1-888-909-8872 or transunion.com/credit-freeze

Even if you do not freeze your credit, check your credit reports at annualcreditreport.com over the next 90 days. You are entitled to free weekly reports from all three bureaus. Look for any accounts or inquiries you do not recognize.

When Clicking a Link Is Not a Disaster

Not every clicked link leads to disaster. If you clicked a link, saw a suspicious page, and immediately closed it without entering any information or downloading anything, you are probably fine. Modern browsers and phones have security features that prevent most drive-by malware installations.

The real danger comes when you enter information on the scam page, download something the page asks you to, or give remote access to your device.

Still, taking the precautions above is smart even if you think the exposure was minimal. It is always better to change a password you did not need to change than to leave a compromised password in place.

And remember: clicking a link does not make you careless or foolish. Scammers design these messages to be clicked. They test them. They refine them. They know what works. What matters is that you are taking action now.