First: breathe. Clicking a link is scary but fixable if you act fast. What matters is whether you entered passwords, card numbers, or installed anything.
Right now (next 10 minutes)
- Stop — close the tab. Don't enter anything else.
- Disconnect — if you downloaded a file, don't open it. Run a scan with Windows Defender or Malwarebytes.
- Screenshot — save the text or email for reports, then delete it.
- Did you type a password? — change it immediately on a different device if possible. Start with email (that's the master key).
If you entered bank info or paid
- Call your bank using the number on your card — not the scam text
- Dispute unauthorized Zelle or wire transfers immediately
- Gift card payments: call the card issuer within 48 hours — sometimes recoverable
- File at reportfraud.ftc.gov and ic3.gov
Within 24 hours
- Enable 2-factor authentication on email, banking, and Apple/Google accounts
- Freeze credit free at Equifax, Experian, and TransUnion
- Review the last 30 days of bank and card statements
- Warn family — scammers often target contacts next
Before you click next time
Paste any suspicious text into ScamCheck first. It's free, runs in your browser, and gives you a risk score plus a full action plan. Forward the link to parents — they're the #1 target.