What To Do If You’ve Been Phished: 7 Next Steps

December 19, 2023


 Minute Read

In this article:

    Shield Icon

    Identity theft and fraud protection for your finances, personal info, and devices.

    Get Identity Guard

    What Happens When You Are Phished?

    When you are phished, scammers convince you to give up sensitive data — such as passwords, bank account information, or your Social Security Number (SSN) — by tricking you with beguiling emails, phone calls, and texts. With firm purchase on your information, phishers can steal your money or, worse, your identity.

    Often, scammers pose as government officials or tech support agents to lend credibility to any urgent requests for information. Others masquerade as recognizable businesses, prompting you to sign in to an account to claim a loyalty reward or discount, all the while stealing your credentials.

    In a recent scam, identity thieves sent fake United Airlines loyalty emails touting $90 in exchange for filling out a “survey” designed to harvest personally identifiable information (PII) [*].

    Phishing attempts like these aren’t always easy to spot. The good news is that there are steps you can take to prevent full-blown identity theft and evade phishing emails altogether.

    How To Recover From Phishing [7 Steps]

    Opening a phishing email may not cause any harm. But if you respond to a phishing email, phone call, or text message, acting fast can limit damage to your finances and credit report. Here’s what to do if you think you’ve been phished:

    1. Change your passwords

    Never use the same password for multiple accounts. If a scammer gets their hands on it, all of those accounts are compromised.

    Simple passwords containing your date of birth, spouse’s or children’s names, or your phone number can be easy for fraudsters to crack if that information is on the Dark Web. You can check for leaked personal data and passwords by entering your email into Identity Guard’s Dark Web scanner.

    Use unique passwords with 16 characters or more, comprising uppercase and lowercase letters, numbers, and special characters.

    Generating and memorizing these passwords can be tedious; consider using a password manager to encrypt and save your passwords across desktop and mobile apps.

    2. Check your email settings

    Whenever you set up an email account, you’re prompted to provide a recovery email address. If you seldom access this secondary email, scammers may be able to hack into it without your knowledge — replacing the recovery email with one of their own in order to muscle into your main email account.

    Remove any unknown secondary recovery email addresses, and turn off email forwarding. Set a reminder to look for evidence of someone tampering with your account, such as:

    • “New sign-in alert” emails in your “Trash” folder.
    • Delivery failure notifications in your “Trash” folder.
    • Repeated actions to mark messages as “Unread.”
    • Unusual outbound messages.

    Then, remove any unfamiliar devices signed in to your email account. Here’s how to do this on:


    • In your Google Account, select Security.
    • In Your devices, select Manage all devices.
    • Click on the devices that you don’t recognize.
    • Then, click on Don’t recognize something, and Sign out on device.


    • Log in to account.microsoft.com/devices.
    • Click on Show details of any device that you don’t recognize.
    • Under the device name, click on More actions, and then Remove.
    • Select the I’m ready to remove this device checkbox, and then click on Remove

    iCloud Mail

    • Go to iCloud.com and sign in to your account.
    • Go to Find Devices.
    • Select any unrecognized devices, and click on Remove This Device.

    3. Enable multi-factor authentication (MFA)

    With MFA activated, users must provide a password and additional identifiers. But in many cases, those identifiers are SMS- or email-based, making them vulnerable to interception [*].

    Adversary-in-the-middle (AiTM) attack techniques like SIM-swapping allow scammers to reroute your MFA codes to themselves, instantly unlocking your account.

    Opt for safer MFA options, like:

    • Biometric factors, such as fingerprints and iris scanners.
    • Hard keys that plug into a laptop or mobile device.

    4. Scan for malware once you’re offline

    While you’re still online, scammers can spy on your activity and siphon your personal information to a third party, or infect your devices or those belonging to individuals in your contact list.

    Turning off your internet connection disrupts communications with the scammer’s command and control center, giving you a chance to check for signs of infection, such as any [*]:

    • Inaccessible folders.
    • Browser extensions or new apps that you don’t recognize.
    • Disabled antivirus scanners.
    • Application crashes.

    Then, take steps to remove the virus from your computer. For instance, if you are using a Windows PC:

    • Keep your Wi-Fi connection off, and restart your PC in Safe Mode with Networking.
    • Power up your antivirus software.
    • Remove any threats flagged by the software.
    • Run a second scan to pick up any other lingering malicious elements.
    • Remove those secondary threats, and restart your PC.

    5. Contact any impacted organizations or people

    Inform a company or organization if someone has impersonated them so that they can take internal security precautions and warn others of the scam.

    Let your friends and family members know about the scam, too. If a con artist has your information, there’s a good chance that your loved ones are next on the scammer’s list of targets.

    If you come across a phishing email or suspicious message at work, follow your IT department’s protocol. They may be able to lock down your account, and contact affected email service providers or other impacted vendors.

    6. Look for account takeover (ATO) attempts

    Not all phishing culminates in a single incident — one email or text can set off a vicious cycle of continuous attacks, such as account takeovers.

    In the theft phase of an ATO, grifters use an initial phishing attempt to obtain a piece of your digital identity. They then combine it with other sensitive information that they’ve obtained on the Dark Web to guess potential usernames and passwords.

    During the validation phase, scammers use bots to test those credentials on various sites until they’re successful.

    Depending on the type of account they break into, scammers can use stored credit card information to make purchases, transfer loyalty points, or submit fake insurance claims on your behalf. They repeat the cycle until they’ve exhausted your accounts.

    7. Flag any unauthorized transactions

    Besides monitoring your accounts for unfamiliar devices and sign-ins from new locations, check your bank statements and credit reports.

    Unauthorized transactions, hard inquiries, and new lines of credit are all indicators of fraud. Report these transactions to your financial institution and dispute any credit report inconsistencies with all three bureaus (Experian, TransUnion, and Equifax).

    Doing this manually can be laborious and time-consuming, and doing so comes with the risk of overlooking more suspicious activity. Always-on credit monitoring can run these checks for you, notifying you of any changes so that you can take action in real-time.

    Services like Identity Guard will monitor your credit at Equifax, Experian, and TransUnion and give you the option to lock and unlock your Experian credit file directly from an app.

    8. Report the phishing attempt

    Reporting phishing can make you less of a target for cybercriminals, and also help governing bodies establish best practices. If you’re the victim of a phishing crime, recount your case in detail to:

    • The Federal Trade Commission (FTC) at ReportFraud.ftc.gov.
    • The Anti-Phishing Working Group (APWG), an international coalition of cybersecurity experts dedicated to eliminating identity theft, at reportphishing@apwg.org.

    You can also forward any smishing messages to SPAM (7726). If you suspect that your PII is at risk, file an identity theft report at IdentityTheft.gov. You’ll need to have the following information handy:

    • How and when you think phishers seized your information.
    • Bank statements showing unauthorized transactions and/or credit reports with signs of fraud.
    • The amount of fraudulent charges.
    • The names, phone numbers, and/or email accounts of everyone involved in the scam.

    📌 Related: What To Do If a Scammer Has Your Email Address

    Avoiding Phishing Emails Altogether

    Knowing how phishing scams work and how to respond to them is the best way to keep your accounts safe. Most phishing attacks tend to follow specific patterns. 

    According to a new Cloudflare report, phishing links — found in emails, text messages, and social media posts — are a scammer’s number one tactic of choice [*]. 

    Fraudsters were also found to be more likely to impersonate brands like Microsoft, Google, Amazon, and Wells Fargo. Following these nine steps can help keep your accounts secure:

    Identify phishing messages right away

    Be leery of messages and emails that insist you share personal or financial information, click on links, or download software. Carefully examine communications from your family members, friends, companies that you trust, and even correspondences from your workplace.

    It’s not uncommon for scammers to pose as an executive in your organization. They may send you a text or email requesting employee information or a file containing customer data, claiming that they need these details post-haste. 

    Much like other types of phishing, scammers rely on their newfound credibility to spur you into action. Always review messages for urgent demands, and check carefully for any unfamiliar email addresses. Strange greetings and spelling errors are other red flags.

    Set up email filters

    Carefully setting up spam filters can reduce the number of phishing emails you receive. Here’s how to adjust your mail privacy and spam settings on:


    Gmail scans all email messages for spam by default. But you can create more advanced spam filters to inspect messages from bulk senders more closely and quarantine spam messages.

    • Go to admin.google.com, then to Menu, and find Google Workspace under Apps.
    • Click on Gmail, and then Spam, Phishing and Malware.
    • Select an organizational unit.
    • Scroll to Spam and click on Configure.
    • In the Add setting box, enter a unique name for your new setting.
    • Select from among the many spam filtering options.
    • Click on Save.
    • Confirm that the new setting appears in the Spam settings table.

    Note that it may take 24 hours for new rules to be put into effect. To make sure the spam filter is working, you can monitor changes in the Admin console audit log.


    • Open Outlook to find Home, and then Junk.
    • Click on Junk email options.

    Choose from three levels of spam filtering available:

    • Low-level, to move emails that are obviously junk mail to the Junk folder.
    • High-level, for maximum protection from spam messages. Some important emails may be moved to the Junk folder accidentally. You can avoid this by adding specific email addresses or domains to your Safe Senders list.
    • Safe lists only, to only receive messages from emails or domains on your Safe Senders list or your Safe Recipients list. Other emails go to your Junk folder.

    iCloud Mail

    iCloud, by default, filters out unwanted bulk email messages. For additional protection, you can turn off the email image-loading feature, which spammers use to determine whether your account is active.

    Here's how to turn it off:

    • Go to iCloud.com/mail.
    • Click on the Settings button.
    • Choose Preferences.

    Click on General, and then toggle off Load remote content in messages.

    Pay attention to security warnings

    Gmail, Outlook, and iCloud use machine learning to screen as much spam as possible. When their algorithms can’t verify the sender’s email address:

    • Gmail puts a “?” next to the sender’s email address.
    • Outlook puts a “?” next to the sender’s email address.
    • iCloud Mail says it “can’t verify the sender of the server [insert domain name].”

    Unless the email is from someone you know, move those emails to your Junk folder, or report them as spam.

    Protect your email address

    Avoid sharing your personal and work email addresses online. Instead, use secondary, burner email addresses as recovery emails and mask your email ID to make it harder for hackers to access.

    Apple’s native Hide My Email feature is a good option for iCloud Mail and Mac users. For devices on macOS 13 or later, click on your name in iCloud settings, click on iCloud, and then click on Hide My Email.

    Alternatively, Aura lets you automatically generate email aliases to hide your primary email, prevent unwanted spam, and reduce your exposure to data breaches.

    Note: Identity Guard is an Aura product.

    Check for weak passwords

    Most password managers flag weak passwords — easy-to-guess or repeat passwords — for you. Change these passwords immediately to avoid account takeover attempts.

    You can also activate password alerts on browsers like Google Chrome that store passwords. To turn on Google’s Password Alert feature [*]:

    • Go to the Chrome store, and download Password Alert.
    • Follow the instructions to set up the app.
    • Sign in to your Google Account.

    Keep your software up to date

    Software updates include patches for known vulnerabilities in apps and operating systems. Installing these updates right away reduces your exposure to cybercrime.

    Every time you want to download a new app, first search for it on Google (or any search engine). You may come across poor reviews and ratings, or even security incident reports.

    Only download apps from sources that you know and trust, and delete any outdated or unknown apps on your phone and computer.

    Back up your data

    Personal files, like home videos, photos, and important documents, should be backed up in case of a cyberattack. The 3-2-1 backup strategy — three copies of your data, two on different devices, and one off-site copy — is a good start [*].

    For example, you can store one copy of a file on your computer, another on an external hard drive, and use an online storage system to store a third copy.

    But with scammers assailing networked machines so often, make sure that at least one copy of your files is completely offline.

    Use Safe Browsing tools and a virtual private network (VPN)

    A VPN encrypts and scrambles your data traffic — disguising your location, masking your IP address, and hiding your browser activity.

    While this makes it harder for hackers to infiltrate your network, it’s not impossible. For extra protection, use a Safe Browsing tool to block malicious ads, dangerous websites, and intrusive site trackers.

    File a spam complaint

    If a spam email makes it through your email filters, report it to the FTC by forwarding it to spam@uce.gov. You can also use USA.gov’s questionnaire to be directed to the appropriate site to report your issue.

    Keep your personal data private — and safe. Save 33% when you sign up for Identity Guard today.

    Related Articles

    Photograph of a Walmart location during the early morning

    How To Spot a Fake Walmart Email (And Other Walmart Scams)

    Walmart has become the most impersonated brand by scammers in 2023. Learn the warning signs of a Walmart phishing email and what to do if you’re a victim.

    Read More

    November 2, 2023

    How To Spot a Fake Walmart Email (And Other Walmart Scams)
    An elderly man seated in front of an laptop, with UX elements that represent a login screen hovering in the air

    12 Scams Targeting Seniors & How To Protect Your Loved Ones

    Adults over the age of 60 lost over $3 billion to scams and fraud last year. Here are the 12 most common scams targeting seniors today.

    Read More

    February 15, 2024

    12 Scams Targeting Seniors & How To Protect Your Loved Ones

    Get Started with Identity Guard

    Get started with Identity Guard today, risk-free.

    Get Protected Today
    1. Financial identity theft and fraud
    2. Medical identity theft
    3. Child identity theft
    4. Elder fraud and estate identity theft
    5. “Friendly” or familial identity theft
    6. Employment identity theft
    7. Criminal identity theft
    8. Tax identity theft
    9. Unemployment and government benefits identity theft
    10. Synthetic identity theft
    11. Identity cloning
    12. Account takeovers (social media, email, etc.)
    13. Social Security number identity theft
    14. Biometric ID theft
    15. Crypto account takeovers