Computer‎ > ‎Security‎ > ‎Phishing‎ > ‎

What to do if you've responded to a phishing scam

If you suspect that you've responded to a phishing scam with personal or financial information, take these steps to minimize any damage.

Step 1: Report the incident

Contact the following authorities:

  • Your credit card company, if you have given your credit card information. The sooner an organization knows your account may have been compromised, the easier it will be for them to help protect you.
  • The company that you believe was forged. Remember to contact the organization directly, not through the e-mail message you received.
  • In the United States, the Federal Trade Commission. Report the circumstances to the FTC: National Resource for Identity Theft.

    You can also report the phishing scam to the Anti-Phishing Working Group and to the FTC at

    To report the scam to these groups: 
    Create a new e-mail message addressed to them and attach the phishing e-mail message to the new message.

    Note: You can also copy the entire phishing e-mail message and paste it in the new message.

Step 2: Change all your passwords

Step 3: Routinely review your statements

Review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.

Step 4: Use the most up-to-date tools

  • Visit Microsoft Update and sign up for automatic updating.
  • Install the latest e-mail software with spam and anti-phishing capabilities like Microsoft Office Outlook, Windows Live Mail, or others to help identify and warn you about suspicious e-mails.
  • Use the SmartScreen Filter in Internet Explorer 8 to help detect unsafe and potentially unsafe Web sites as you browse.
  • Install up-to-date antivirus and antispyware software.