If you think you have been affected by a phishing scam, we recommend that you act immediately by following our guidelines below, and then proceed to our ReportRecover, and Reinforce sections for further assistance. Remember, a phishing scam can affect your finances, career, privacy, safety and reputation.

Some Immediate Action Steps to Take

  •  Immediately disconnect the computer or device from the internet.
  • Update your operating system and run a virus scan on your computer or device.
  • Change any compromised passwords right away and enable a two-step/factor verification on all of your accounts – which requires an additional code to log in.
  • Forward phishing emails or websites to the Anti-Phishing Working Group (APWG) at reportphishing@apwg.org.
  • If you think a scammer obtained sensitive information, visit IdentityTheft.gov for resources to minimize your risk of identity theft.
  • If your computer runs Microsoft Windows, download and run the Microsoft Windows Malicious Software Removal Tool.
  • If you think any credit card information was stolen, contact your credit card provider right away:
    • Visa 800-847-2911
    • American Express 800-528-4800
    • MasterCard 800-307-7309
    • Discover 801-902-3100
    • Capital One 800-227-4825
    • Chase 800-432-3117
  • If you think any of your financial information was stolen, go to annualcreditreport.com to obtain a free copy of your credit report, add a fraud alert or freeze your credit on Experian, Equifax and TransUnion in one place.


Reporting cybercrime incidents to the FBI Internet Crime Complaint Center (IC3)

is very important! The more national reporting data that is collected, the better the chance law enforcement has to catch the criminals and decrease online crime. Although the FBI does not resolve individual complaints directly, they will make your report available to local, state and other law enforcement partners. The FAQs about reporting can be found here. Please read the FBI/IC3 privacy policy here. (If you believe that you’ve received a phishing email, please forward the email directly to reportphishing@apwg.org.)


These resources have been gathered, selected and vetted to help simplify the process of recovering after a cybercrime incident has taken place. You may need to contact organizations outside Fraudsupport.org. Results will vary depending on your circumstances.


Once you have notified the appropriate organizations and you are on the road to recovery, it is time to reinforce your cybersecurity using these resources and tools.

Implement Preventive Measures

  • Download our Six Steps to Better Security PDF.
  • Always keep your operating system, security software, and apps up to date.
  • Keep your firewall turned on at all times to prevent hackers from stealing passwords or other sensitive information.
  • Routinely backup your data in a secure location.
  • Never click on a link or open an attachment in a message or email from someone you don’t know.
  • Create strong passwords. Learn how from ConnectSafely.org
  • Always enable a two-step/factor verification on your email, social media and other online accounts, which requires an additional code to log in.
  • Be sure websites are secure before submitting sensitive information. Find out how to spot a fake website.
  • Turn your computer off when it is not in use. Hackers cannot access your device when it is powered off.