Website Scams • Damage Control

Entered Info on a Fake Website? Do This Now

Quick action can prevent account takeover and financial loss. Follow the steps that match what you entered.

Start Website Training Browse Website Articles
Quick takeaway
Change passwords first, then secure MFA and contact your bank if payment info was entered.

Step 1: Identify what you entered

If you entered a password

  1. Change the password immediately.
  2. Change it anywhere you reused the same password.
  3. Enable MFA on the real account (app-based is best).
  4. Review recent logins/devices and sign out unknown sessions.

If you entered a one-time passcode (OTP) or MFA code

  1. Assume the attacker tried to log in in real time.
  2. Change your password immediately.
  3. Reset MFA methods if possible and check recovery settings.

If you entered card or bank info

  1. Contact your bank using the number on your card or official app.
  2. Freeze/replace cards if needed.
  3. Set transaction alerts and monitor daily.

If you downloaded anything

  • Run a security scan.
  • Remove suspicious browser extensions or apps.
  • Update your device and browser.

Step 2: Prevent repeat attacks

  • Use a password manager (often prevents autofill on wrong domains)
  • Bookmark important sites and use the bookmark
  • Practice the “type it yourself” rule for logins

Practice safer browsing habits

Practice Website Scam Defense Use Scam Lookup

FAQ

Is clicking a link enough to get hacked?

Not always, but it can lead you to enter credentials or download something. The risk increases if you typed info or installed anything.

What should I secure first?

Your email account and any accounts that share passwords—because email can reset many other logins.