Table of Contents
If you suspect that you’ve responded to a phishing scam with personal or financial information, take these steps to minimize any damage.
Step 1: Report the incident
Contact the following authorities:
- Your credit card company, if you have given your credit card information. The sooner an organization knows your account may have been compromised, the easier it will be for them to help protect you.
- The company that you believe was forged. Remember to contact the organization directly, not through the e-mail message you received.
- In the United States, report identity theft at IdentityTheft.gov and file a fraud report at ReportFraud.ftc.gov.
You can also report the phishing scam to the Anti-Phishing Working Group by forwarding the phishing e-mail message as an attachment to [email protected].
Note: You can also copy the entire phishing e-mail message and paste it in the new message.
Step 2: Change all your passwords
- Read How to create and use strong passwords.
- Start with passwords that are related to financial institutions or information.
- Enable two-factor authentication (2FA) on every account that offers it.
Step 3: Routinely review your statements
Review your bank and credit card statements monthly for unexplained charges or inquiries that you didn’t initiate.
Step 4: Use the most up-to-date tools
- Keep Windows patched — see Check for Windows Updates.
- Use a modern e-mail client with built-in spam and phishing detection (Gmail, Outlook, Apple Mail, or similar).
- Keep your browser up to date — Chrome, Edge, and Firefox all include phishing and malware site warnings.
- Install up-to-date antivirus software. Windows Defender is built into Windows 10 and 11; on macOS and Linux, pick a reputable third-party option if you want extra protection.