Cybersecurity Emergency Checklist: What to Do After You Clicked a Bad Link
You clicked the link, now what? This calm, ordered emergency checklist covers passwords, MFA, banking, malware scans, and reporting, so you can shut down the damage before it spreads.

Table of contents
You clicked the link. Maybe you typed your password, maybe you only opened the page before the alarm bells rang. Either way, the worst thing you can do now is freeze. Acting quickly and in the right order can shut down most of the damage before it spreads. This is a clear, calm emergency checklist for what to do in the minutes and hours after you suspect you have fallen for a scam or malicious link.
First: do not panic, but move fast
Most account takeovers depend on speed; the attacker wants to use stolen details before you react. Your goal is to get ahead of them. The steps below are ordered by impact, so work top to bottom and do not skip the early ones to chase a later worry.
A quick triage question helps: what did you actually give away? If you only clicked a link and closed it, your risk is lower (focus on malware checks). If you entered a password or a code, treat it as a credential compromise and start at step one immediately.
The action plan
1. Disconnect if you downloaded or ran something
If clicking the link downloaded a file or you ran an attachment, disconnect that device from Wi-Fi and unplug any network cable. This limits malware's ability to spread or phone home while you deal with it.
2. Change the exposed password, and reuse-victims too
From a different, trusted device if possible, change the password on the affected account. Then change it on any other account where you used the same or similar password, because attackers will try it everywhere. Use a password manager to set unique strong passwords as you go.
3. Turn on multi-factor authentication
Enable MFA on the affected account and your important ones, prioritising email. An attacker with your password is stopped cold if they cannot pass the second factor. If MFA was already on and you typed a code into a fake page, change the password again and check for any unrecognised logged-in sessions, signing them out.
4. Protect your money
If you entered card or banking details, contact your bank or card issuer right away to flag the transaction risk, and watch for unexpected charges. Many banks can lock the card and issue a new one quickly.
5. Scan for malware
Run a full scan with reputable, up-to-date security software on any device that may have downloaded something. If anything is found, follow its removal steps and consider changing passwords again afterwards from a clean device.
6. Check the account for tampering
Once back in, review the account for changes the attacker may have made: forwarding rules on email, altered recovery phone or email, new linked devices, or changed security questions. Undo anything you did not set.
7. Report it
Report the scam to your email or phone provider and your national reporting service. As the NCSC notes, "reporting a scam is free and only takes a minute," and it helps get the scam taken down so others are not caught.
Quick reference
| If you gave away... | Do this first |
|---|---|
| A password | Change it everywhere it was reused, then enable MFA |
| A one-time code | Change the password and sign out all active sessions |
| Card / bank details | Call your bank to flag and lock the card |
| Nothing, but clicked a link | Disconnect and run a full malware scan |
Bottom line
After a bad click, calm speed wins. Disconnect if you downloaded anything, change the exposed password and any reused copies, switch on MFA, protect your bank, scan for malware, check the account for tampering, and report it. Work the list in order and you will close off most of the damage before it has a chance to spread.
Sources and further reading
Sources
- NCSC: Phishing attacks — dealing with suspicious emails, calls and messages ncsc.gov.uk


