Scam › Module 3 › Lesson 1
What to Do If You Clicked
First 15 minutes after a phishing click: disconnect, change passwords, enable MFA, and check sessions
Opening
You clicked. Now move.
Shame freezes people—and attackers count on that. If you opened a bad link or typed a password, treat the next minutes like a small incident response drill. Speed and order matter more than perfection.
1. First 15 Minutes
Phishing click response — follow in order1. Disconnect from Wi-Fi / unplug Ethernet if malware suspected 2. From a clean device/browser, change the password you typed 3. Turn on MFA (authenticator app preferred over SMS) 4. Sign out other sessions / review active devices 5. Check email forwarding rules and inbox filters 6. Notify IT / bank / a trusted adult if work or money involved
1. Disconnect from Wi-Fi / unplug Ethernet if malware suspected 2. From a clean device/browser, change the password you typed 3. Turn on MFA (authenticator app preferred over SMS) 4. Sign out other sessions / review active devices 5. Check email forwarding rules and inbox filters 6. Notify IT / bank / a trusted adult if work or money involved
2. What Else to Check
Password reuse
If that password was used elsewhere, change those accounts too—start with email and banking.
Unknown apps / profiles
On mobile, remove shady profiles or apps installed around the same time.
Money movement
Watch accounts for new payees, crypto sends, or gift-card buys. Call the bank using the number on your card.
Clean device first
If you fear malware, do password resets from another phone/computer you trust—or after a scan/reinstall guidance from IT.
Knowledge Check
After typing a password on a fake site, you should first:
Multiple choice
Knowledge Check
True or False: Checking email forwarding rules after a phishing incident is unnecessary.
True or False
Knowledge Check
Why sign out other sessions after a phishing login?
Multiple choice