Scam Message Checker

What to do if you clicked a scam link

Clicking a link is not always harmful by itself. The risk is what happened next - whether a page loaded, you entered details, or a file downloaded.

Quick answer

Clicking a link is not always harmful by itself. The risk is what happened next - whether a page loaded, you entered details, or a file downloaded.

  • Close the page and do not enter any details
  • Do not download or open anything it offered
  • If you typed a password, change it from a trusted device
  • Disconnect from the internet if a file downloaded
Most urgent

Do this now

  1. Don't enter anything on the page - close it.
  2. If you typed details, secure those accounts and tell your bank.
  3. Run a security scan if anything downloaded.

Understanding what happened

Clicking a link is not the same as being hacked. For most people, simply opening a scam page does nothing on its own - the danger comes from what you do next, like typing a password or card number, or downloading and opening a file. So if you clicked but entered nothing, take a breath: you are very likely fine, and the steps below are mostly precautionary.

Scam links work by imitation. They copy the look of a courier, bank, or login page and rely on urgency - 'your parcel is held', 'unusual sign-in', 'pay now' - to push you past your normal caution. The web address is often a lookalike or a shortened link that hides where it really goes, which is why checking the destination matters more than how official the page looks.

The real risk appears if the page persuaded you to act. Entering login details can hand over an account; entering card details can lead to fraudulent charges; downloading an attachment can place malware on your device. Each of those has a specific, fixable response, and the sooner you act the smaller the impact - most card and account problems are recoverable when caught early.

Treat this as a prompt to tidy up your security rather than a crisis. Change anything you typed, make sure two-step verification is on for important accounts, and keep an eye out for follow-up messages, because scammers often chase a click with a fake 'security team' call. If nothing was entered or downloaded, closing the page is usually the end of it.

First 5 minutes

  1. Close the page and do not enter any details
  2. Do not download or open anything it offered
  3. If you typed a password, change it from a trusted device
  4. Disconnect from the internet if a file downloaded

First 24 hours

  1. Run a security scan on the device
  2. Change passwords for any account you may have exposed, enabling 2FA
  3. Watch for unusual login or transaction alerts
  4. Report the link to your country's fraud authority

Next 7 days

  1. Watch accounts and statements for the week.
  2. Keep 2FA on and review login alerts.
  3. Be alert for follow-up messages.

What not to do

  • Do not pay anyone who promises to recover your money for an upfront fee
  • Do not act on follow-up messages claiming to be the fraud team
  • Do not delete evidence before saving it

Evidence to save

  • Screenshots of the message and sender details
  • Phone numbers, usernames, links, and account or wallet addresses
  • Transaction references, receipts, and amounts

How to save scam evidence →

How to report

  1. Gather your evidence first (screenshots, dates, amounts, any reference numbers).
  2. Report to your national fraud/cybercrime body and, if money moved, to your bank.
  3. Find the right official links for your country in the reporting directory.

Find official reporting links for your country in the reporting directory.

  • Do not use phone numbers or links from the suspicious message - look up the official ones yourself.
  • Report quickly if money was sent or ID documents were shared; speed improves your options.
  • Keep your evidence - see how to save scam evidence.

Beware of recovery scams: no legitimate service guarantees getting your money back for an upfront fee.

Stop it happening again

Get into the habit of reaching websites yourself - type the address or use the official app - rather than tapping links in messages. Bookmark the banking, email, and shopping sites you use most so you never need a link.

Turn on app-based two-step verification (an authenticator app, not SMS) for your important accounts. Even if a password is captured, two-step verification blocks most takeovers.

Related scam types

Related red flags

Related terms

This is general safety information, not legal, financial, or cybersecurity incident-response advice.

Still have the message?

Check it to understand the red flags and how to report it.

Check a message

Frequently asked questions

How quickly should I act?

As soon as possible. Fast action - especially contacting your bank - gives the best chance of limiting harm or stopping a payment.

Will I get my money back?

Sometimes, if you act quickly, but there is no guarantee. Be very cautious of anyone who promises guaranteed recovery for an upfront fee - that is a recovery scam.

Is my phone hacked just because I clicked?

Usually not. Opening a page rarely installs anything by itself. The risk comes from entering details or downloading and opening a file. Run a scan if you downloaded something, and change any password you typed.

Get scam safety updates

Practical scam alerts, new examples, and simple safety tips. No spam. No sensitive message data.

We only collect your email address, optional name, consent status, signup page, and signup time. See our privacy policy.