Scams & Phishing

Cybersecurity Emergency Checklist: What to Do After You Clicked a Bad Link

You clicked the link, now what? This calm, ordered emergency checklist covers passwords, MFA, banking, malware scans, and reporting, so you can shut down the damage before it spreads.

Cybersecurity for Beginners · Jul 8, 2026 · updated Jun 16, 2026
Cybersecurity Emergency Checklist: What to Do After You Clicked a Bad Link
Table of contents
  1. First: do not panic, but move fast
  2. The action plan
  3. Quick reference
  4. Bottom line
  5. Sources and further reading

You clicked the link. Maybe you typed your password, maybe you only opened the page before the alarm bells rang. Either way, the worst thing you can do now is freeze. Acting quickly and in the right order can shut down most of the damage before it spreads. This is a clear, calm emergency checklist for what to do in the minutes and hours after you suspect you have fallen for a scam or malicious link.

First: do not panic, but move fast

Most account takeovers depend on speed; the attacker wants to use stolen details before you react. Your goal is to get ahead of them. The steps below are ordered by impact, so work top to bottom and do not skip the early ones to chase a later worry.

A quick triage question helps: what did you actually give away? If you only clicked a link and closed it, your risk is lower (focus on malware checks). If you entered a password or a code, treat it as a credential compromise and start at step one immediately.

The action plan

1. Disconnect if you downloaded or ran something

If clicking the link downloaded a file or you ran an attachment, disconnect that device from Wi-Fi and unplug any network cable. This limits malware's ability to spread or phone home while you deal with it.

2. Change the exposed password, and reuse-victims too

From a different, trusted device if possible, change the password on the affected account. Then change it on any other account where you used the same or similar password, because attackers will try it everywhere. Use a password manager to set unique strong passwords as you go.

3. Turn on multi-factor authentication

Enable MFA on the affected account and your important ones, prioritising email. An attacker with your password is stopped cold if they cannot pass the second factor. If MFA was already on and you typed a code into a fake page, change the password again and check for any unrecognised logged-in sessions, signing them out.

4. Protect your money

If you entered card or banking details, contact your bank or card issuer right away to flag the transaction risk, and watch for unexpected charges. Many banks can lock the card and issue a new one quickly.

5. Scan for malware

Run a full scan with reputable, up-to-date security software on any device that may have downloaded something. If anything is found, follow its removal steps and consider changing passwords again afterwards from a clean device.

6. Check the account for tampering

Once back in, review the account for changes the attacker may have made: forwarding rules on email, altered recovery phone or email, new linked devices, or changed security questions. Undo anything you did not set.

7. Report it

Report the scam to your email or phone provider and your national reporting service. As the NCSC notes, "reporting a scam is free and only takes a minute," and it helps get the scam taken down so others are not caught.

Quick reference

If you gave away... Do this first
A password Change it everywhere it was reused, then enable MFA
A one-time code Change the password and sign out all active sessions
Card / bank details Call your bank to flag and lock the card
Nothing, but clicked a link Disconnect and run a full malware scan

Bottom line

After a bad click, calm speed wins. Disconnect if you downloaded anything, change the exposed password and any reused copies, switch on MFA, protect your bank, scan for malware, check the account for tampering, and report it. Work the list in order and you will close off most of the damage before it has a chance to spread.

Sources and further reading

Sources

  • NCSC: Phishing attacks — dealing with suspicious emails, calls and messages ncsc.gov.uk