I clicked a bad link: what to do in the first 10 minutes
You clicked on a suspicious link in an email or text. Don't panic. Here are the immediate, critical steps to take to secure your device and accounts.
1. Disconnect Immediately
Immediately disconnect the device from the internet by turning off Wi-Fi and cellular data. This is the most critical first step. It prevents any potential malware from sending your data to the scammer or spreading to other devices on your home network.
2. Scan for Malware
Use a reputable antivirus and anti-malware program to run a full scan on your device. If malware is found, follow the program's instructions to quarantine or remove it. If you don't have security software, download it from a trusted source on a different, clean device and transfer it via USB if necessary.
3. Change Key Passwords
Using a separate, uncompromised device (like a different computer or phone), immediately change your passwords. Start with the most critical: 1) The account associated with the link (e.g., your email, social media), 2) Your primary email account, 3) Your financial/banking accounts.
4. Enable Multi-Factor Authentication (MFA)
If you haven't already, enable MFA (also called 2FA) on all critical accounts. This security measure makes it much harder for anyone to log in, even if they have your password, because they would also need access to your phone or authentication app.