Ultimate phishing recovery guide 2026
Use this guide when you clicked a phishing link, entered credentials on a fake login page or approved a suspicious authentication prompt.
What to do in the first 24 hours
- Stop all interaction with the suspicious sender, link or attachment immediately.
- Change passwords for affected accounts from a trusted, clean device.
- Review active sessions and sign out unknown devices.
- Reset recovery email, recovery phone and MFA methods if they were changed.
- Inspect mailbox rules, forwarding, delegated access and app connections.
- Run a malware scan on the original device before returning to normal use.
- Check whether the same password was reused across banking, social and work accounts.
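
One way to carry out the mailbox-rule inspection step from the checklist above, as an added example that is not part of the original guide: a Python check that flags rules forwarding mail outside your own domains or hiding security-related messages. The rule fields, keyword list and folder list are constructed assumptions, not any mail provider's export format.

```python
import json

# Constructed sample: a simplified inbox-rule export. Field names are
# hypothetical and do not match any mail provider's real export format.
SAMPLE_RULES = json.loads("""
[
  {"name": "Newsletters", "enabled": true, "subject_contains": ["digest"],
   "forward_to": [], "move_to": "Reading", "delete": false, "mark_read": false},
  {"name": ".", "enabled": true, "subject_contains": ["invoice", "password reset"],
   "forward_to": ["collector@mail.example.net"], "move_to": null,
   "delete": true, "mark_read": true},
  {"name": "tidy", "enabled": true, "subject_contains": ["security alert"],
   "forward_to": [], "move_to": "RSS Feeds", "delete": false, "mark_read": true}
]
""")

# Assumed lists: subjects an account owner needs to see, and rarely opened folders.
SENSITIVE = ("password", "security", "alert", "verify", "invoice", "sign-in")
QUIET_FOLDERS = {"rss feeds", "archive", "junk email", "conversation history"}

def audit_rule(rule, own_domains):
    """Return the reasons this rule deserves a manual look (empty if none)."""
    reasons = []
    for addr in rule.get("forward_to") or []:
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain not in own_domains:
            reasons.append(f"forwards to external address {addr}")
    # A rule "hides" mail when it deletes it or files it somewhere rarely read.
    hides = rule.get("delete") or (rule.get("move_to") or "").lower() in QUIET_FOLDERS
    keywords = [k for k in rule.get("subject_contains") or []
                if any(s in k.lower() for s in SENSITIVE)]
    if hides and keywords:
        reasons.append(f"hides mail matching {keywords}")
    if hides and rule.get("mark_read"):
        reasons.append("marks hidden mail as read")
    if not rule.get("name", "").strip(". "):
        reasons.append("blank or punctuation-only rule name")
    return reasons

def audit_mailbox(rules, own_domains):
    """Map rule name -> reasons, for enabled rules with at least one finding."""
    own = {d.lower() for d in own_domains}
    checked = {r.get("name", ""): audit_rule(r, own)
               for r in rules if r.get("enabled", True)}
    return {name: why for name, why in checked.items() if why}

if __name__ == "__main__":
    for name, why in audit_mailbox(SAMPLE_RULES, ["example.com"]).items():
        print(repr(name), "->", "; ".join(why))
```

A flagged rule is a prompt for manual review, not proof of compromise; disabled rules are skipped here and are worth a separate look.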