I Clicked a Phishing Link — What Now?
Don't panic. Take these steps in order — the first two are the most important.
Don't click anything else on the page
ImmediateClose the browser tab immediately. Do not enter any usernames, passwords, or payment details on the page that opened.
Change your email password
Within 5 minutesGo to your Gmail account settings and change your password now. If you used the same password elsewhere, change those too. Use a unique password for each account.
Enable two-factor authentication
Within 10 minutesTurn on 2-step verification for Gmail at myaccount.google.com. This means even if someone has your password, they can't access your account without your phone.
Check your Gmail for suspicious activity
Within 30 minutesScroll to the bottom of Gmail and click "Details" to see recent activity. Look for logins from unknown locations. Check your Sent folder for emails you didn't send.
Scan your inbox for more phishing
TodayPhishers often send multiple attempts. Scan your inbox to find and delete any other phishing emails before you accidentally click one.
Report the phishing email
TodayIn Gmail: open the phishing email, click the three dots (⋮), and select "Report phishing". Also forward it to reportphishing@apwg.org to help protect others.
Scan your inbox for more phishing
Gorganizer analyzes 1,751+ signals to detect phishing emails, spoofed senders, suspicious attachments, and scam patterns — and removes them safely.
Scan my inbox for phishing →Nothing is permanently deleted — 30-day recovery window