If you have accidentally clicked on a phishing email, it is important to act quickly. This way, you can limit the damage. Often an organization will have a policy worked out that tells you what to do. Don't know what to do? Then follow these steps:
This article was last updated on
9/4/2025
1. Close the browser and disconnect:
- Immediately close all tabs and windows of your browser.
- Disconnect the Internet connection (for example, by turning off the wifi).
2. Change your passwords:
- Change the passwords of all accounts you think may have been compromised. Start with your e-mail password and then move on to important accounts such as bank accounts, social media and other sensitive accounts.
3. Check for malware:
- Run a full scan with an up-to-date antivirus program to check for malware or viruses that may be installed on your device.
- If malware is found, follow your antivirus program's instructions to remove it.
4. Check your financial accounts:
- Check your bank and credit card statements for suspicious activity. Report unauthorized transactions to your bank immediately.
5. Contact your IT department or an expert:
- If you work for a company, report the incident to the IT department immediately.
- If you need personal help, consider contacting an IT expert for further assistance.
6. Secure your accounts:
- Enable two-step verification (2FA) where possible to add an extra layer of security to your accounts.
- Check the security settings of your accounts and make sure everything is up to date.
7. Block the sender and report the phishing email:
- Block the sender of the phishing email to prevent further attempts.
- Report the phishing e-mail to your e-mail provider. Many providers have a feature to report phishing.
8. Learn from the incident:
- Spend time learning how to recognize phishing emails, as is also required by ISO 27001 and NEN 7510. This can help prevent future incidents.
💬 If you have any questions, feel free to contact us or schedule a no-obligation meeting!
To news overview
