What to do if you clicked a bad link or entered a password
Acting in the first few minutes limits the damage. Don’t panic, and don’t hide it — speed matters more than blame.
- Disconnect the device from the internet to stop anything downloading or sending data out.
- Change the password for the affected account from a different, trusted device — and anywhere you reused it.
- Turn on multi-factor authentication for that account if it isn’t already on.
- Report it to your IT team or manager straight away — early reporting limits the spread.
- Watch the account for unexpected logins, rules or sent messages, and reverse anything you don’t recognise.
- If banking or card details were entered, call your bank immediately to stop transactions.
Still stuck after those?
You’ve done the right thing by trying. Send whedo.it a quick note — what you tried, what you saw — and a senior pair of eyes will be on it the same business day.