FFCheckPrivacyCheck
NLEN
🚨 What now? privacy problemsCRITICAL — read first paragraph

I clicked a phishing link — what now?

First 15 min: device offline + change passwords. First 60 min: call bank + enable 2FA + antivirus scan. Then: police + Fraudehelpdesk + GDPR actions.

Last reviewed: 25 May 2026Reviewed by FFCheck-redactie
Phishing — a fake website posing as the real one (bank, post, KPN, Belastingdienst) to steal your data. If you clicked + entered something: time pressure = your enemy. Automated bots immediately try to gain access, transfer money, or install malware. 3 scenarios: (1) Only clicked, no data entered — usually just tracking pixel, low risk but still device scan. (2) Login credentials entered — immediately change password of that service + everywhere you used the same password + enable 2FA. (3) Payment details entered — immediately call bank, block card, block recurring debits. Common mistakes: "let me first check if something happened" — too late. React first, check later. "It was just a fake email" — may also contain malware payload. Always do virus scan. Work context: if you clicked on a work device, report to IT within 24h. Not reporting = potential employment issue + larger security risk. Common phishing 2025-2026: WhatsApp "mom I lost my phone" fraud, fake MyKPN, fake Belastingdienst "you're getting a refund", fake Bol.com track-and-trace, fake-looking DigiD pages.

Step by step

  1. Device offline + log out everywhere

    Disable WiFi/4G. Disconnect work network cable. Log out of all accounts in browsers. Do this within 5 minutes.

  2. Change password of affected service immediately

    Go via a DIFFERENT device (phone instead of infected laptop) to the real site. Change password. Do the same for everywhere you reused that password.

  3. Call bank — for payment data or bank phishing

    ING 020-22 888 22, ABN 0900-0024, Rabobank 088-722 6262 (24/7). Ask to block card + review all recurring debits. Save timestamp + case number.

  4. Enable 2FA + password manager

    2FA via app (Google Authenticator/Authy), not SMS — SIM swapping is a real risk. Password manager (Bitwarden free, 1Password paid) so you never reuse passwords again.

  5. Antivirus scan + malware detection

    Windows Defender / Malwarebytes (free) full scan. On macOS: Malwarebytes for Mac. Suspicious? Backup personal files and fully reinstall.

  6. Police report + Fraudehelpdesk

    Politie.nl for police report (Sr Art. 326 fraud + Art. 138ab computer trespass). Fraudehelpdesk 088-786 76 76 shares patterns + advises.

  7. GDPR action: access where your data is everywhere + erasure

    If the phishing came from a corporate breach, request access (Art. 15) from that business. On high risk they must inform you (Art. 34). GDPR rights pack (€29) has the letters.

Ready to act?

We'll draft the right letter for you

Personalised PDF · Send-ready · One-off €9,99
  • ⚡ PDF in your inbox in 60 seconds
  • 📄 BTW-compliant invoice included
  • ↩️ 30-day fix-it guarantee

Sources

🔎 Common search variants

Recognise your own search? Our answer above covers these too.

  • phishing link clicked what to do
  • clicked phishing email
  • bank phishing clicked
  • whatsapp scam clicked
  • phishing recovery netherlands

Related on PrivacyCheck