What to do if…
you realise you entered your password into a site that may have been fake
Short answer
Stop interacting with the page, then go to the real site/app (typed in by you) and change your password immediately — especially for your email account if there’s any chance it’s connected.
Do not do these things
- Don’t keep entering your password again to “check” whether the site works.
- Don’t call phone numbers or use chat widgets shown on the suspicious site.
- Don’t wait to act because you haven’t noticed anything yet.
- Don’t reuse that password anywhere else, even “just for today”.
- Don’t share screenshots that show your email, username, or verification codes.
What to do now
- Close the suspicious page and stop. Don’t click anything else on it.
- Open the real service safely. Use the official app you already installed, or type the service’s address yourself in a fresh browser tab. Avoid sponsored search results/ads for this step.
- Change the password for the affected account right away.
  - Make it new and unique (not a tweak of the old one).
  - If offered, select “sign out of all devices/sessions” after changing it.
- If you reused that password anywhere, change those next (highest risk first):
  - Email account(s) (because it can reset other passwords).
  - Banking/payment services, shopping accounts, social platforms, messaging apps.
- Turn on multi-factor authentication (MFA/2FA) for your email and the affected account (and any account that supports it).
- Check quickly for signs of takeover on the account(s):
  - Password reset emails you didn’t request.
  - New login/device alerts.
  - Changes to recovery email/phone number.
  - In email: suspicious forwarding rules/filters, unexpected sent messages.
- If anything looks changed or you’re locked out, contact the provider through a trusted route. Use the official help pages inside the real app/site you reached by typing the address (not any “support” links/phone numbers shown on the suspicious page).
- If this happened on a work or school account/device: notify your IT/helpdesk/security contact as soon as you can (they may need to revoke sessions or reset access).
- Report the scam if appropriate:
  - Report it to the FTC using the federal scam reporting site (even if you didn’t lose money).
  - If there’s significant loss or a broader cybercrime pattern, file a report with the FBI’s IC3.
- If you entered highly sensitive personal info (for example, Social Security number), follow the official steps at IdentityTheft.gov.
- If you entered banking/card details or see unauthorized transactions: contact your bank/card issuer immediately and follow their fraud steps.
What can wait
- You don’t need to decide right now about deleting accounts, changing your phone number, or buying new security products.
- You don’t need to reset every password you’ve ever had — focus on the affected account and any reused passwords first.
- You can deal with longer-term identity/credit precautions after you’ve regained control of accounts.
Important reassurance
Fake login pages can look extremely real, and getting tricked is common. Acting quickly — password change, MFA, and checking for account changes — usually prevents the worst outcomes.
Scope note
This is first-step guidance for the minutes and hours after a suspected phishing login. If you confirm account takeover or financial/identity fraud, you may need additional help from the provider, your bank, and official reporting/support channels.
Important note
This is general information, not legal or professional advice. If you’re seeing unauthorized access or transactions, prioritize regaining account control (password reset, MFA, signing out sessions) and contacting the relevant provider/bank promptly.
Additional Resources
- https://consumer.ftc.gov/articles/what-do-if-you-were-scammed
- https://reportfraud.ftc.gov/
- https://www.identitytheft.gov/
- https://www.ic3.gov/
- https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/spoofing-and-phishing
- https://www.cisa.gov/secure-our-world/recognize-and-report-phishing