Reviewed 2026-07-15
I clicked a phishing link: what now
Clicking alone and entering information are different risk levels. Determine whether anything was entered, downloaded, or installed.
Pause before acting. Do not use links, phone numbers, or apps provided by a suspicious sender.
What to check first
Use the points below as a decision checklist, not as a guarantee. Criminal campaigns change quickly and may use correct names, logos, and details taken from earlier breaches.
- close the page
- review downloads
- change exposed credentials
- run an incident plan
A safer sequence of actions
- Stop the current interaction. Do not click again, reply, pay, or install software.
- Open the official service independently by typing a known address or using an installed app.
- If credentials, payment data, or device access were exposed, start the incident plan immediately.
- Preserve evidence and use the official reporting channel in your country.
Reserved advertising area — never placed beside emergency controls or results.
What this guide cannot determine
No checklist can prove that a message, website, caller, or device is safe. When money, identity, or account access is at risk, verify through an independent official channel and seek qualified help when needed.
Sources and review date
- CERT Polska — Raport roczny 2025 — 2026-07-15
- CERT Polska — zgłaszanie podejrzanych SMS 8080 — 2026-07-15
- CISA — Recognize and Report Phishing — 2026-07-15
- NIST — How Do I Create a Good Password? — 2026-07-15