C

Scam › Module 3 › Lesson 1

BeginnerModule 3Lesson 1/4

What to Do If You Clicked

First 15 minutes after a phishing click: disconnect, change passwords, enable MFA, and check sessions

15 min+50 XP3 quiz
Module progress1 of 4
!Contain · Investigate · Recover
Alarm · Containment · IR playbook

Opening

You clicked. Now move.

Shame freezes people—and attackers count on that. If you opened a bad link or typed a password, treat the next minutes like a small incident response drill. Speed and order matter more than perfection.

1. First 15 Minutes

Phishing click response — follow in order1. Disconnect from Wi-Fi / unplug Ethernet if malware suspected 2. From a clean device/browser, change the password you typed 3. Turn on MFA (authenticator app preferred over SMS) 4. Sign out other sessions / review active devices 5. Check email forwarding rules and inbox filters 6. Notify IT / bank / a trusted adult if work or money involved

1. Disconnect from Wi-Fi / unplug Ethernet if malware suspected
2. From a clean device/browser, change the password you typed
3. Turn on MFA (authenticator app preferred over SMS)
4. Sign out other sessions / review active devices
5. Check email forwarding rules and inbox filters
6. Notify IT / bank / a trusted adult if work or money involved

2. What Else to Check

  • Password reuse

    If that password was used elsewhere, change those accounts too—start with email and banking.

  • Unknown apps / profiles

    On mobile, remove shady profiles or apps installed around the same time.

  • Money movement

    Watch accounts for new payees, crypto sends, or gift-card buys. Call the bank using the number on your card.

Clean device first

If you fear malware, do password resets from another phone/computer you trust—or after a scan/reinstall guidance from IT.

Knowledge Check

1

After typing a password on a fake site, you should first:

Multiple choice

Knowledge Check

2

True or False: Checking email forwarding rules after a phishing incident is unnecessary.

True or False

Knowledge Check

3

Why sign out other sessions after a phishing login?

Multiple choice

← Previous

Answer all 3 knowledge checks to continue. (0/3 answered)