If you're seeing this message, it means we're having trouble loading external resources on our website.

If you're behind a web filter, please make sure that the domains *.kastatic.org and *.kasandbox.org are unblocked.

Main content

Wait have I just been attacked? What do I do now?

We all try to avoid scams - but occasionally someone falls for one. Be prepared for this unlikely-but-possible event by learning about what to do if you realize that you have been scammed. To learn more about how you can keep yourself safe while on the Internet, visit: internet-safety.khanacademy.org. Created by Sal Khan.

Want to join the conversation?

Video transcript

- All right, Grace. So ideally we can recognize when we are attacked, but let's say we begin to fall for it. Let's say there's a phishing attack and we go, we click really fast cause we're all panicked. We type in our password and they're like, oh wait, I think I just gave my password to a shady site. What do you do once you're compromised in some way? - It's a great question, Sal. Now this is really unfortunate. We hope this doesn't happen to folks, but if it does, there are a few steps you can take to help mitigate the fallout from this kind of phishing attack. You should immediately tell a trusted adult, a teacher, or a parent, and let them know that this happened to you. This will also help them make others aware that if they are hearing from you on that account that's been compromised, so that other folks don't fall into the same hands of the scammer. This will also help you take steps to report the scam if possible. So, for example, if you're using Gmail, there is a reporting tool within your email. Oftentimes you can get alerts on your phone if there are phone calls that look like a scam, but there are also ways that you can report that. So definitely work with a trusted adult if you think that this has happened to you. And then once you've kind of mitigated the fallout from that, you can look at best practices to make sure that that password isn't compromised in other places. So you are going to want to update that password, enroll in two step verification as we talked about, and make sure that on a regular basis you're changing your password. So even if this happens to you and you weren't made aware, you can actually mitigate some of that risk if you're updating and having strong passwords on a frequent basis. There's another nifty tool called Security Checkup that can actually help you check on your passwords for all of your accounts where you use your email to log in. And that helps you keep track and make sure that you know your passwords aren't outdated or you know, worst case scenario that they haven't been breached in some kind of data breach or a phishing attempt. - Super, super useful.