Quick answer: stop entering details
Do not keep testing the link. Do not enter passwords, card numbers, Medicare details, driver licence details, one-time codes or banking information. Close the page and take a screenshot if safe.
If money or banking is involved, call your bank first using the number in your banking app or on your card.
Work out what happened
- Clicked only: risk may be lower, but still check the page type and device behaviour.
- Entered a password: change that password from a different safe page or device, then turn on multi-factor authentication.
- Entered card or banking details: contact your bank first.
- Downloaded or installed something: disconnect from the internet and get trusted help before logging in to private accounts.
First steps after clicking
Close the page. Do not reply to follow-up messages. Save the SMS, email, URL and screenshots. Check your accounts for unusual sign-ins or transactions.
Use the Suspicious Link Checker to understand the link type, then use the recovery helper if you entered details, paid money or installed software.
What not to do next
Do not call a phone number from the suspicious page. Do not pay a so-called unlocking, verification or refund fee. Do not let a stranger remotely access your device to fix it.
Use the free checker before the next step
These free tools are a first check only. They are not a guarantee and they are not a substitute for professional advice, your bank, police, ReportCyber, IDCARE or a qualified specialist where needed.
Is clicking a scam link enough to hack me?
Sometimes clicking alone may not be enough, but risk increases if you entered details, downloaded a file, approved a login, shared a code or installed an app.
Should I change my passwords?
Change passwords for any account you entered on the suspicious page. Use a different safe page or device where possible, and do not reuse the same password elsewhere.
When should I call my bank?
Call your bank straight away if you entered card or banking details, approved a payment, shared a one-time code, or see any transaction you do not recognise.

