It only takes a few minutes for someone to fall victim to a phishing scam. But what can we do if we click on a link and suddenly realize it might have been a scam?

Global digital security company ESET presents ten steps we can take after we’ve taken the… bait.

1. We do not give more information. If we have received an e-mail from an online store that raises some suspicions, and we have already clicked on the attached link, we avoid sharing any additional information and do not give out our bank account details.

2. We disconnect our device from the internet. Some phishing attacks may install malware, collect information about us and our device, or gain remote control of the compromised device. To mitigate the damage, we start by disconnecting the compromised device from the internet.

3. We back up our data.

Disconnecting from the internet will prevent more data from being sent to the malicious server, but what about our data that is still at risk? We should back up our files, especially sensitive documents or files of high personal value, such as photos and videos. Of course, backing up our data after the attack can be risky, as it may already be compromised by malware and we may back up the malware too. That’s why we should back up our files regularly and proactively. If malware infects our device, we can recover our data from an external hard drive, USB stick, or cloud storage service.

4. We scan for malware and other threats using anti-malware software from a trusted provider while the device is still disconnected from the internet. Ideally, it would be useful to run a second scan using, for example, ESET’s free online scanner. If the scanner finds suspicious files, we follow the instructions to remove them.

5. We consider a factory reset, i.e. returning our device to its original state by removing all installed apps and files. Some types of malware may remain on the device even after a full reset, but chances are that erasing our mobile device or computer successfully removes any threat. A factory reset is irreversible and will delete all data stored locally, so we should have backups.

6. We change our passwords. Phishing emails can trick us into revealing our sensitive data, such as ID numbers, bank and credit card details or passwords. Even when we don’t give out our information, malware installed on the device may find it anyway. If this is the case, we should immediately change the login details for our various accounts.

7. We contact banks, authorities and service providers if we have provided bank/credit card details or login details for a website with access to our cards. The card may be blocked or frozen to prevent future fraud and to prevent or minimize any financial losses.

8. We monitor our account activity.

Cybercriminals who successfully break into one of our devices or accounts may try to maintain their presence there for as long as possible. They may change login details, email addresses, phone numbers, or anything else that may help them cement their access to our account.

We monitor the activity on our social media accounts, our banking information and our online purchase history. If, for example, we spot payments that seem strange, unknown or unauthorized, we report them, change our login details and ask for a refund.

9. We look for unrecognized devices. If hackers stole our account information, chances are they tried to log in from their own device. Most social networking platforms keep a record of current login sessions as part of their privacy settings. We check it and force a sign-out for each unknown device.

10. We notify friends, contacts, service providers and our employer, as scammers sometimes use the contact list on a compromised account to spread phishing links or spam. We take steps to prevent others from falling victim.